Jump to content

Spam Entries tblclients

kmm2908

By kmm2908
in Using WHMCS

 Share

Recommended Posts

kmm2908 Senior Member

kmm2908

Posted
Posted

We are seeing a lot of entries in tblclients where one of the fields contains something similar to:

AES_ENCRYPT(1,1), firstname= (SELECT GROUP_CONCAT(id,0x3a,username,0x3a,email,0x3a,password SEPARATOR 0x2c20) FROM tbladmins)

Is anyone else seeing this?
Shouldn't the form fields have data validation to prevent this?

Thanks in advance for any info.

0
Link to comment
Share on other sites
brian! Senior Member

brian!

Posted
Posted
3 minutes ago, kmm2908 said:

Shouldn't the form fields have data validation to prevent this?

a lot of the fields don't have any meaning validation. but I recognise that code from the old v5 days.. a six-year old thread...

I think recent versions (e.g anything in the last few years), should prevent them running the code - but i'd certainly recommend opening a ticket with Support to double check that nothing untoward is actually happening (as opposed to just hackers randomly testing WHMCS installs to see if they can be hacked).

1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept