New Vuln In Whmcs Script

Whmcs way of hacking if you have not patched yet.

First: Create a ticket with the following content below:



Now when you are not patched it will create a folder named king and a php shell named king.php

Below is the decoded file:



I see a bunch of these codes daily.

Do people not read or understand: DO NOT publish the base64 code. This has been mentioned on this forum before and many times on the WHMCS forum, as publishing the code is a risk in itself.
 
Don't keep anything private. Let people know how it's done and many of us will find if it can be a problem in future. Hiding something will make something dangerous to effect mass. Releasing something hidden and dangerous will diminish its effect.
 
Wrong, it's a major risk to publish the code, as fully explained why on the WHMCS forum. Publishing this on another forum, as it would be removed from the WHMCS, does not reduce the risk; it increases the risk.
 
Well, to confirm something, when you hide something it increases the risk because people are not aware of it. Let everyone know how it was done and the ways they can find to stop it. Maybe by editing the WHMCS script or by server-side security.

Second, everyone can decode this script or already knows how it is done, and it's not of a high risk now. Scripts have been edited, patches have been made and it's already secured. Then what's the risk?

To count in your knowledge, SQL injection was also a serious flaw in the website and was not revealed how it was done. That was at a high priority risk and just because of hiding something millions of sites were hacked.

Your way of thinking can really help people to understand online security and patch them as possible.

And if you can secure your website properly then you would have never posted a lame comment. Learn different things and share your knowledge.
 
The problem is you are dependent on others. Even if you have not used the patch and done proper settings in your server, then also that code would have failed to execute.

They don't want to get it published because everyone knows that all the sellers using this "WHMCS" cannot update their script at once. Many would not update this script at all. So they say don't post.

Third, remember hackers are gonna use all these things. Not a normal member. The silly part is, how can you stop people from knowing how this hack works? If you know the proper way of using Google then you may have found many forums explaining this.

At least I suggest before replying just search on Google for what you are replying, and if you think I did something wrong by posting then I would say again a lame comment. That's all I have to say..:)
 
Never worked on our systems a while back.

We do not use the support system in WHMCS anyway, but plenty try it on our custom coded desk, and forever fail :D
 