# HostBill 4.6 Database Dump (Patch it!)



## Reece-DM (Jun 2, 2013)

Hi,

I'm shocked there hasn't been much coverage on this over here, but anyhow:



> *Hostbill 4.6* has a severe security vulnerability and it allows someone to dump the entire database and download it. This allows attackers to gain sensitive information including credit card details. The root cause of this vulnerability is


----------



## netnub (Jun 2, 2013)

Yeah. Tons of sites were affected by this.


----------



## SkylarM (Jun 2, 2013)

The important question is:

Who paid hostbill $75 to report the issue? :lol: :lol: :lol: :lol:


----------



## netnub (Jun 2, 2013)

I know 25 companies who have been hacked using this, 1000s if not 10,000s of customers' info taken. I know the sites and have anonymously reported it.


----------



## Reece-DM (Jun 2, 2013)

Good thing it was quickly patched, can give them a high five for that.

Though it would seem that the PHP eval exploit that was rolling about last year could be executed via other means in HB.

Let's hope for their damn stupid pricing they actually sort it.


----------



## SPINIKR-RO (Jun 2, 2013)

Just to be clear,

This is the one issued last Wednesday afternoon.

If you make a post like this, be sure to mention when it is from; with lack of detail it looks as if you are posting about a new issue. I would say it got coverage pretty well, and was patched very fast.


----------

