URPad Claiming new WHMCS Vuln

Looks like URPad posted about a WHMCS or Solus vulnerability (https://www.facebook.com/urpadhosting/posts/658673524215309), but I can't seem to find anything available in regards to news about this. Has anyone else heard anything? Do you think providers should be concerned or do you think it's fluff? 

I certainly have yet to hear anything. Though I'll definitely be keeping an eye out for it now that it's been mentioned.

Maybe it's a new exploit in the SolusVM module?

It's the only thing I can make sense of since they left WHMCS online w/o issue.

Does anyone know if they were using the official module?

Francisco

Strange.

Francisco said:

Maybe it's a new exploit in the SolusVM module?


It's the only thing I can make sense of since they left WHMCS online w/o issue.


Does anyone know if they were using the official module?


Francisco

Click to expand...

http://docs.solusvm.com/release_versions_stable

The last update for the official stable version was on the date of April 22, 2014

The last thing that I can put my finger on was they're either using the beta module or it's got to do something with the new WHMCS update 

markjcc said:

http://docs.solusvm.com/release_versions_stable

The last update for the official stable version was on the date of April 22, 2014

The last thing that I can put my finger on was they're either using the beta module or it's got to do something with the new WHMCS update

Click to expand...

If it was purely WHMCS they would block WHMCS I would think.

Given Solus' coding practices it's possible that the WHMCS upgrades really botched things but that's pretty

far fetched.

Francisco

Worse case scenario, That could be possible. For now I held back on the newest WHMCS update.

Haven't updated WHMCS either.

I just contacted both WHMCS and SolusVM and none of them is aware of any exploit at this point.

I've seen no-one else mention this apart from UrPad.. and there's been no hints anywhere else like WHT... would suggest something local to be. Maybe more IPMI related problems?

Or he was running an older version and got wacked again.

Or just trying to get some attention?

Well, that does turn some heads, but not exactly in a reassuring manner.

We haven't heard or seen anything. They probably got hacked and don't know how and are making assumptions.

We haven't heard about anything yet too. Many of our customers are using both WHMCS and SolusVM, sometimes combined with our modules, but no one has reported anything yet. And most likely no one will.

And just like magic, it's fixed without requiring a WHMCS or SolusVM update.  :lol:

https://www.facebook.com/urpadhosting/posts/658912127524782

Well, that was strange. I guess it's good news that there wasn't a new vulnerability out or anything. Hope they got whatever it was sorted out.

They should probably confirm it's a vulnerability before putting something like that out into the wild. At least they got it fixed.

Thought I would have been upgrading my version! Oh well.

So there is no confirmation yet on such exploit?