Jump to content

WHMCS 5.2.7 Vulnerability


info@fsit.ch

Recommended Posts

Oh. Oh. Oh. This is... beyond bad.

 

/includes/dbfunctions.php:

 

**EXPLOIT REMOVED**

 

What's this? If the SQL update has a value that starts with AES_ENCRYPT it must be totally legal and trusted and why the **************** should we db_escape_string() it? Speechless.

Link to comment
Share on other sites

Screenshot to not spread the kiddy-ready-exploit-python-file.

**EXPLOIT REMOVED**

 

Doesn't look too good!

 

- - - Updated - - -

 

Just for the information: It was posted about 20-30 minutes ago from this time.

 

- - - Updated - - -

 

You should take your complete WHMCS installation offline for now.

For the not-so-technical people: It allows you to run ANY MySQL statement on your installation. So yes, you can fetch everything from the database you want to.

Edited by No-Server
Link to comment
Share on other sites

this is in dbfunctions, and this specific bit of code really isn't that version specific.

 

Of course I could be wrong, but I'd lay good odds that this is not just 5.27 , but every version of whmcs that utilizes dbfunctions.

 

Oddly enough, this is a simple fix, unless there's something else in there, I'm surprised they haven't fixed it and released it yet

Link to comment
Share on other sites

Hi guys,

you don't need to remove your WHMCS installs. Here's how to fix this WITHOUT doing so:

Inside of your WHMCS install directory (in ssh)

chmod a-xrw includes/dbfunctions.php

This will deny WHMCS from writing, or reading dbfunctions, and cause the system to just abort

 

OR

from ssh again:

chmod a-xrw "whmcsdirectoryhere"

 

Both work

Link to comment
Share on other sites

@twhiting9275

 

You mean this will cause the system to abort for hack attempts only? Sorry, not my strong area clearly. What does this mean for the end user?

 

Thanks!

 

Hi guys,

you don't need to remove your WHMCS installs. Here's how to fix this WITHOUT doing so:

Inside of your WHMCS install directory (in ssh)

chmod a-xrw includes/dbfunctions.php

This will deny WHMCS from writing, or reading dbfunctions, and cause the system to just abort

 

OR

from ssh again:

chmod a-xrw "whmcsdirectoryhere"

 

Both work

Link to comment
Share on other sites

Howdy All,

 

We've been working diligently to get the security patches for this issue out the door. As it's already been noted, we've gotten the first set of patches out. The 5.1 patches are being worked on as this post is being written. We will update this thread, the blog and Twitter then the 5.1 patches are ready.

 

http://blog.whmcs.com/

https://twitter.com/whmcs

 

Thank you so much for your patience.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated