New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
WHMCS Select Attempts
agoldenberg
Member, Host Rep
in Providers
Any of you other providers seeing a lot of people trying to order services in order to try to hack into your WHMCS install?
I have people registering at least once a day and in their address field are trying to perform a select from the users table..
Comments
Maybe it is a XSS Attack!
Yep but not as often, I'm sure its one of the older WHMCS exploits.
Yeah I never had this happen before. A couple days ago I started seeing them. Looked around for a exploit but I think it's safe for now.
perhaps you mean like this @agoldenberg ??
if this true, i had 10 times and now it's gone
an old exploit from 2013 http://blog.whmcs.com/?t=79527
@ndha yeah that's exactly it.
Just got this mail from my WHMCS!
@adxn second client attacker.
Yep! It is just a brand new WHMCS!
Decided to throw together a WHMCS hook for this so here you go: https://github.com/KuJoe/chkClientDetails
EDIT: @agoldenberg in case you don't get a notification that I replied to the thread.
Interesting. It'll be more interesting if the error messages would have something that will p*** the person off.
You can change the error message if you want, I like to keep it neutral just to be safe.
This should be in WHMCS by default
@KuJoe , I agree wit nexmark, Why not contact Whmcs to propose your work?