
Web Hosting Companies Beware! Security Threat In Whmcs - Webmasters - Nairaland


Web Hosting Companies Beware! Security Threat In Whmcs by bros12345: 10:07am On Dec 05, 2011
Hi guys,

I am the webmaster of www.tvchost.net, a web hosting company in Nigeria. Yesterday someone sent me a mail asking for trial hosting. I replied that he should resend the request on Monday so we can create one for him. He then obliged to help me with other issues. See the mail conversation with him below.

first mail from him

Dear TVCHost,

Name : ~*$hining$tar*~,

Email : Shirningxxxx@yahoo.com,

Message : Respected Admin!
I am looking for a Good Hosting for my upcoming Forum,
But I don't want to be careless so I am wishing to have a Trial Hosting for at least 3 days so I would be able to check Server Speed, Security Level, Database Related Script's Result & similar,
Please let me know if you are willing to provide me Trial Hosting Service for at least 3 days, it may contain just 100 MB Disk Space & 100 MB bandwidth will be enough for me for Test Purpose.
I've also sent you an offline message, this is in Backup as I am need to buy hosting as soon as possible,


My first reply
Ok then please re-contact us on Monday for details

His reply
Shirning Star shirningxxxx@yahoo.com to me

show details 12:21 AM (9 hours ago)


You've Trusted me Respected Dan by at least asking me to come back on Monday,

So I wish to help you,

There is a Security Risk with your Site,

Should I explain that?


My reply
Sure!

His reply
It's that the version that you are using of WHMCS, there is a bug in that version,

Any one can see the Information of your Database,

like:


$license = "blahblahblahblahbb1eb6c4ad92925e";
$db_host = "localhost";
$db_username = "ihave_repaierd the leak";
$db_password = "dontexpect to see my passwor here";
$db_name = "theguywokemeup";
$cc_encryption_hash = "yHB1iC9xkf9D0GwMZ9myhuv9mfAqzWxYuZPCrP0BUZ4KvqnlqAKxU5w6aXmAKKp4";


You should upgrade your WHMCS to any newer versions or you should patch that exploit if available from Official Site & also the server isn't much secure enough because you need to chmod configuration file of whmcs to normally to 111.


WHMCS Bug:

https://the guy is smart.com/cart.php?a=test&templatefile=, /, /, /configuration.php%00

Have a look @ Source code there & you will be able to see the Database information because it's in configuration.php file of WHMCS.



My reply

Wow!

This is very nice of you. Thanks a lot.


He was very correct with all the details he sent me. I just modified them here.
Re: Web Hosting Companies Beware! Security Threat In Whmcs by Nobody: 10:23am On Dec 05, 2011
Caramba!
Re: Web Hosting Companies Beware! Security Threat In Whmcs by DualCore1: 10:24am On Dec 05, 2011
Two problems:
1. Your server isn't running a good firewall supplement like Apache mod_security with a good ruleset cuz mod_security with a good set of rules will not allow that exploit to pass.
2. You are not following up with WHMCS software updates because WHMCS fixed this over a month ago or so. That means you also ignore WHMCS newsletters and emails they send to ALL customers because this was addressed twice in WHMCS correspondences.

When things like these are involved please do some research before posting. The Google bots have a penchant for indexing misleading topics like this quickly. . . moreso now that WHMCS just released its Version 5.0. . . would almost make people think this topic has to do with the latest release.
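Added example (not from any poster, and not WHMCS or mod_security code): a log scanner that applies the kind of check DualCore1 attributes to a mod_security ruleset, flagging any request whose templatefile parameter is not a plain template name. The log lines, IP addresses, the `viewcart` value and the allowed-name pattern are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed Apache combined-log lines; IPs are documentation addresses.
SAMPLE_LOG = """\
198.51.100.7 - - [05/Dec/2011:00:10:01 +0100] "GET /cart.php?a=view&templatefile=viewcart HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [05/Dec/2011:00:12:44 +0100] "GET /cart.php?a=test&templatefile=../../../configuration.php%00 HTTP/1.1" 200 734 "-" "Mozilla/5.0"
203.0.113.9 - - [05/Dec/2011:00:13:02 +0100] "GET /cart.php?a=test&templatefile=..%252f..%252fconfiguration.php%2500 HTTP/1.1" 200 734 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Dec/2011:00:15:30 +0100] "GET /cart.php?a=add&pid=3 HTTP/1.1" 200 4890 "-" "Mozilla/5.0"
"""
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]+$")  # assumed shape of a legitimate template name

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so %252f and %2f both end up as '/'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def reasons(value):
    """Return why a templatefile value is suspicious; empty list if it looks fine."""
    v = fully_decode(value)
    why = []
    if "\x00" in v:
        why.append("null byte")
    if ".." in v:
        why.append("dot-dot")
    if "/" in v or "\\" in v:
        why.append("path separator")
    if not why and not SAFE_NAME.match(v):
        why.append("unexpected characters")
    return why

def scan(log_text, param="templatefile"):
    """Collect requests whose `param` is not a plain template name."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        for value in parse_qs(urlsplit(target).query, keep_blank_values=True).get(param, []):
            why = reasons(value)
            if why:
                findings.append({"ip": ip, "status": int(status),
                                 "value": fully_decode(value), "why": why})
    return findings
```

A 200 status on a flagged request means the file contents may have been served, so the database credentials and `cc_encryption_hash` in configuration.php should be treated as exposed and rotated.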
Re: Web Hosting Companies Beware! Security Threat In Whmcs by bros12345: 10:46am On Dec 05, 2011
ok away with the firewall stuff. I will discuss that with my providers.

Actually it was not a month ago that whmcs made a patch. It was on Dec.1. So not too long. I saw the mail but didn't really take it serious. Besides there is also a patch for v5. so it's not about the version

http://forum.whmcs.com/showthread.php?t=43462

At least this post might help a few nairaland hosters. That's why I posted it.
Re: Web Hosting Companies Beware! Security Threat In Whmcs by DualCore1: 11:11am On Dec 05, 2011
This is the security patch released for the vulnerability your site had.
http://forum.whmcs.com/showthread.php?t=42121

October 15, 2011.

It's almost second nature to ignore "routine" mails from these kinda guys but it's good to read the subject at least.
Re: Web Hosting Companies Beware! Security Threat In Whmcs by lagoshost(m): 12:20pm On Dec 05, 2011
Dual Core:

This is the security patch released for the vulnerability your site had.
http://forum.whmcs.com/showthread.php?t=42121

October 15, 2011.

It's almost second nature to ignore "routine" mails from these kinda guys but it's good to read the subject at least.


This is very correct. Keep your eyes on the newsletters of any product or service that you use.

It is very important.
Re: Web Hosting Companies Beware! Security Threat In Whmcs by bros12345: 1:02pm On Dec 05, 2011
You see, DC and laghst, thank God I opened this thread. I actually implemented the other patch and thought that was fine. Now I solved a problem from Nairaland contributors' suggestions.

Pls just go take a beer and the money is on me
Re: Web Hosting Companies Beware! Security Threat In Whmcs by DualCore1: 4:46pm On Dec 05, 2011
What's beer without babes? Intel reaching me says the babes go for 500 USD per session. I could make do with two babes . . . on you?

Don't even think about it, Lagoshost. You are happily married
Re: Web Hosting Companies Beware! Security Threat In Whmcs by databoy247(m): 7:59pm On Dec 05, 2011
@DC, I never knew you like "flexing" oh. I thought it's just work work work.
Re: Web Hosting Companies Beware! Security Threat In Whmcs by DualCore1: 8:35pm On Dec 05, 2011
It's actually play play play for me. I work like 2 hours a day (when I sleep). . . as usual I hate work
Re: Web Hosting Companies Beware! Security Threat In Whmcs by bros12345: 9:34pm On Dec 05, 2011
Dual Core:

It's actually play play play for me. I work like 2 hours a day (when I sleep). . . as usual I hate work

A better decision is to work just 15 minutes a day and just attend PDP parties other times. O boy u need to come see the babes that service us after the meetings. Google it
Re: Web Hosting Companies Beware! Security Threat In Whmcs by Slyr0x: 11:54am On Dec 06, 2011
I talked about this vulnerability on the 20th of October (a day after it was published)

https://www.nairaland.com/nigeria/topic-785863.0.html
Whmcompletesolution (cart.php) Local File Disclosure


It goes a long way to show how important newsletters from your vendors are.
