[READ] WHMCS Security Issue
Posted by MannDude, 11-13-2011, 01:41 PM |
If you use WHMCS, please make sure you have the most recent version.
Otherwise, there is a vulnerability that will reveal some information you do not wish to make public via your source code. To see what I mean, try:
<>
You will find within the source:
Update to the most recent version ASAP if you have not already.
Last edited by Mike V; 11-13-2011 at 03:09 PM.
|
Posted by thehostingme, 11-13-2011, 02:43 PM |
Yeah, and here is the patch: http://www.webhostingtalk.com/showthread.php?t=1090735
|
Posted by servermanaged, 11-13-2011, 03:51 PM |
MannDude, I hope that you have not discovered the announcement of this vuln just today. It has been in the wild since October 15. Blackhats use this vulnerability for directory traversal attacks:
BEGIN LOG
GET /billing/cart.php?a=test&templatefile=../../../../../../../../etc/passwd%00 - Offending IP: 65.111.XX.XX
GET /whmcs/cart.php?a=test&templatefile=../../../../../../../../etc/passwd%00 - Offending IP: 65.111.XX.XX
GET /whmcs/billing/cart.php?a=test&templatefile=../../../../../../../../etc/passwd%00 - Offending IP: 65.XX.XX
END LOG
|
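Added example, not part of the thread and not WHMCS code: a Python check that flags access-log lines like the ones in the post above, where the templatefile parameter of a request carries parent-directory segments or an encoded null byte. The safe-name pattern, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

REQUEST_RE = re.compile(r'\b(?:GET|POST|HEAD)\s+(\S+)')  # method + request target
# Assumption: a legitimate template name is a short plain identifier.
SAFE_VALUE_RE = re.compile(r'[A-Za-z0-9_-]{1,64}')

def fully_decode(value, rounds=3):
    """Percent-decode several times so double-encoded input (%252e) is normalised."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def check_value(raw):
    """Reasons a single raw templatefile value is suspicious (empty list if none)."""
    value = fully_decode(raw.replace('+', ' '))
    found = []
    if '\x00' in value:
        found.append('null byte')
    if '..' in value.replace('\\', '/').split('/'):
        found.append('parent-directory segment')
    if value.startswith(('/', '\\')):
        found.append('absolute path')
    if not found and not SAFE_VALUE_RE.fullmatch(value):
        found.append('unexpected characters')
    return found

def classify(line):
    """Reasons a log line looks like a templatefile traversal probe.
    The query string is split before decoding so an encoded '&' cannot hide the value."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    reasons = []
    for pair in re.split(r'[&;]', m.group(1).partition('?')[2]):
        name, _, raw = pair.partition('=')
        if fully_decode(name) == 'templatefile':
            reasons.extend(check_value(raw))
    return reasons

# Constructed sample lines (documentation IP range), not from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Oct/2011:10:00:00 +0000] "GET /billing/cart.php?a=test&templatefile=../../../../etc/passwd%00 HTTP/1.1" 200 512',
    '192.0.2.11 - - [15/Oct/2011:10:00:05 +0000] "GET /whmcs/cart.php?a=test&templatefile=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 512',
    '192.0.2.12 - - [15/Oct/2011:10:00:09 +0000] "GET /whmcs/cart.php?a=view HTTP/1.1" 200 2048',
]

if __name__ == '__main__':
    for entry in SAMPLE_LOG:
        print(classify(entry) or 'clean', '<-', entry)
```

Hits in old logs dated before the patch was applied are worth reviewing together with the response size and status of each flagged request.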
Posted by MannDude, 11-13-2011, 04:01 PM |
I searched, didn't find it here. This was brought to my attention by another member in the premium forum and I wasn't sure how 'known' it was. Figured it was worth a share if it may save people some headache.
|