New WHMCS Exploit

XFS_Duke

XFuse Solutions, LLC
Verified Provider
I'll post...

122.3.33.7

86.143.76.124

Will post more as I see them. I did, as well as recommend that everyone using WHMCS lock the name fields on their installation. It's simple to do:

Setup > General Settings > Other then Locked Client Profile Fields

I locked First Name, Last Name and Company... You could lock them all and make the customer contact you to update, but eh...
 

concerto49

New Member
Verified Provider
People on one of our WHMCS installs keep changing their first name to:


'AES_ENCRYPT(1,1), firstname=(SELECT GROUP_CONCAT(id,0x3a,username,0x3a,email,0x3a,password SEPARATOR 0x2c20) FROM tbladmins)


It isn't doing anything, but it's funny to see them register and try and try and try... lol
We get this all day long too.
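
Added example (not part of the thread and not any poster's code): a small audit pass over profile-change records that flags name and company values carrying SQL fragments like the one quoted in the post above. The rule set, the field names and the record layout `(client_id, field, new_value)` are assumptions made for this sketch; the sample records are constructed.

```python
import re
from collections import Counter

# Rules for SQL fragments that do not belong in a name or company field.
# Assumed rule set for this sketch, built from the value quoted in the post.
RULES = {
    "sql_function": re.compile(r"\b(?:AES_ENCRYPT|AES_DECRYPT|GROUP_CONCAT)\s*\(", re.I),
    "subquery": re.compile(r"\(\s*SELECT\b", re.I),
    "column_assignment": re.compile(r",\s*\w+\s*=\s*\(", re.I),
    "hex_literal": re.compile(r"\b0x[0-9a-f]{2,}\b", re.I),
    "whmcs_table": re.compile(r"\btbl[a-z]+\b", re.I),
}
WATCHED_FIELDS = {"firstname", "lastname", "companyname"}  # assumed field names

def match_rules(value):
    """Return the sorted names of every rule the value triggers."""
    return sorted(name for name, rx in RULES.items() if rx.search(value))

def scan_changes(changes):
    """changes: iterable of (client_id, field, new_value) tuples.
    Returns (hits, attempts_per_client)."""
    hits, attempts = [], Counter()
    for client_id, field, value in changes:
        if field not in WATCHED_FIELDS:
            continue
        rules = match_rules(value)
        if rules:
            hits.append((client_id, field, rules))
            attempts[client_id] += 1
    return hits, attempts

# Constructed sample records; the flagged value is the one quoted in the post.
QUOTED = ("'AES_ENCRYPT(1,1), firstname=(SELECT GROUP_CONCAT(id,0x3a,username,"
          "0x3a,email,0x3a,password SEPARATOR 0x2c20) FROM tbladmins)")
SAMPLE = [
    (101, "firstname", "Siobhan"),
    (102, "lastname", "O'Brien"),
    (103, "companyname", "Acme (UK) Ltd"),
    (104, "firstname", QUOTED),
    (104, "firstname", QUOTED),
    (105, "address1", "12 Select Street"),
]

if __name__ == "__main__":
    hits, attempts = scan_changes(SAMPLE)
    for client_id, field, rules in hits:
        print(f"client {client_id} field {field}: {', '.join(rules)}")
    print("repeat offenders:", {c: n for c, n in attempts.items() if n > 1})
```

Ordinary names with apostrophes or parentheses pass untouched, so the same check can run over archived change logs without drowning in false positives.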
 

SkylarM

Well-Known Member
Verified Provider
We've had a bunch of people sign up but not place orders, we have Client fields locked outside of email after initial registration so maybe that helped? Who knows.
 

Francisco

Company Lube
Verified Provider
Aldryic locks everything.

It's a pain in the butt to the customer but honestly, the only time people want to change things is when accounts aren't in their own name.

Francisco
 

SkylarM

Well-Known Member
Verified Provider
Aldryic locks everything.


It's a pain in the butt to the customer but honestly, the only time people want to change things is when accounts aren't in their own name.


Francisco
I had to lock it all down when a customer doing not-so-legal things was terminated and he promptly went in and edited his account details out of the account. Wasn't having any of that :)
 

MartinD

Retired Staff
Verified Provider
Likewise. We do have first and last name locked though. Regardless, all changes are logged and archived too for the above reason mentioned by SkylarM.
 

ServerBros

New Member
Verified Provider
and tomorrow... "New WHMCS Exploit, AGAIN"
Too true, it's going to take a complete re-write to fix all their sloppy coding, or at the very least an external audit. cPanel are not much better, right enough; however, they don't seem to make as rookie mistakes as WHMCS.
 

Ree

New Member
WHMCS really need to get their act together.  They seem to learn nothing from each exploit.
In their defense, if these exploits are all in old code then anything they learn now won't help fix code they wrote days/months/years ago.
 