AES_ENCRYPT to Database backup?


doc8179

I had an attempted AES_ENCRYPT hack,

First Name: 'n403' to 'AES_ENCRYPT(1,1), firstname=(SELECT GROUP_CONCAT(id,0x3a,username,0x3a,email,0x3a,password SEPARATOR 0x2c20) FROM tbladmins)'

Default Payment Method: '' to ''

 

I'm running the latest version, and all I read about this seems to indicate the problem had been patched a while back.

 

However, in the logs I noted this:

 

Created Client n403 fghjkhgfd - User ID: 18

- 02/05/2014 17:11 - System - 2.90.243.165

Cron Job: Starting Database Backup

- 02/05/2014 01:56 - System -

Cron Job: Completed

 

2.90.243.165 is his IP address,

if I am reading this correctly, he was able to trigger a database backup?

Was he able to obtain a copy?!?!


I'm clear there was a fix... many versions ago..

I'm running 5.3.6

 

"

 

WHMCS Security Advisory for 5.x

 

WHMCS has released new patches for the 5.2 and 5.1 minor releases. These updates provide targeted changes to address security concerns with the WHMCS product. You are highly encouraged to update immediately.

 

WHMCS has rated these updates as having critical security impacts. Information on security ratings is available at http://docs.whmcs.com/Security_Levels.

 

 

Releases

The following patch release versions of WHMCS have been published to address a specific SQL Injection vulnerability:

v5.2.8

v5.1.10"

 

So my question is.. with the current version, does that log say what I think it does, that this attack was able to back up my database and he was able to get a copy?


In your example the db backup is several hours away from the time stamp on the new user, leading me to think the db backup was done as part of the daily cron

 

hmmm

 

does appear that way - had to enter in the detailed "view all"

 

02/05/2014 17:11

Created Client n403 fghjkhgfd - User ID: 18

System 2.90.243.165

02/05/2014 01:56

Cron Job: Starting Database Backup

System

02/05/2014 01:56

Cron Job: Completed

System

 

Thank you for pointing that out !
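The timeline check described in the reply above, together with a scan of profile-change entries for SQL syntax, as an added example that is not part of the original thread. The tuple layout, the day/month date order, the marker list and the shortened `First Name` value are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the three entries from the detailed log view in the thread,
# as (timestamp, description, user, ip). Day/month order is an assumption.
LOG = [
    ("02/05/2014 17:11", "Created Client n403 fghjkhgfd - User ID: 18", "System", "2.90.243.165"),
    ("02/05/2014 01:56", "Cron Job: Starting Database Backup", "System", ""),
    ("02/05/2014 01:56", "Cron Job: Completed", "System", ""),
]

# Profile-change lines in the format quoted in the first post. The First Name
# value is a shortened, constructed stand-in with the same shape.
CHANGES = [
    "First Name: 'n403' to 'AES_ENCRYPT(1,1), firstname=(SELECT 1 FROM tbladmins)'",
    "Default Payment Method: '' to ''",
]

# Assumed marker list: SQL function calls, SELECT ... FROM, and hex literals
# have no place in a name or address field.
SQL_MARKERS = re.compile(
    r"\b(?:AES_ENCRYPT|GROUP_CONCAT|CONCAT)\s*\(|\bSELECT\b.+\bFROM\b|\b0x[0-9a-f]{2,}\b",
    re.IGNORECASE,
)
CHANGE_RE = re.compile(r"^(?P<field>[^:]+): '(?P<old>.*?)' to '(?P<new>.*)'$")

def suspicious_changes(lines):
    """Return (field, new_value) for changes whose new value looks like SQL."""
    hits = []
    for line in lines:
        m = CHANGE_RE.match(line)
        if m and SQL_MARKERS.search(m["new"]):
            hits.append((m["field"], m["new"]))
    return hits

def backups_after(log, ip, fmt="%d/%m/%Y %H:%M"):
    """Return backup starts logged at or after the first entry from `ip`."""
    events = [(datetime.strptime(ts, fmt), desc, src) for ts, desc, _user, src in log]
    seen = [t for t, _desc, src in events if src == ip]
    if not seen:
        return []
    return [(t, d) for t, d, _src in events
            if "Starting Database Backup" in d and t >= min(seen)]

if __name__ == "__main__":
    print("suspicious changes:", suspicious_changes(CHANGES))
    print("backups after first contact:", backups_after(LOG, "2.90.243.165"))
```

An empty result from `backups_after` only establishes the ordering of logged events; it says nothing about what the injected value did or did not return.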
