oss-sec mailing list archives

Re: Re: WHMCS 5.0.2> SQLi CVE Request

From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 11 Jun 2012 10:49:25 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/07/2012 09:53 AM, Dex wrote:

Because securityfocus seem incapable of reading code, which I
guess should be expected from an operation like that, they link to
the vuln check code. The exploit code is available at PacketStorm: 
http://packetstormsecurity.org/files/113106/WHMCS-Blind-SQL-Injection.html

 On Thursday, June 07, 2012 at 4:48 PM, Dex  wrote:Hello all I'd
like to  request a CVE for this bug please so that I can be 
cool/save the planet.http://www.securityfocus.com/bid/53711 It is
what was patched with this patch from WHMCS 
http://www.securityfocus.com/bid/53770http://blog.whmcs.com/?t=47828

Thanks in advance,dx7r

I hate myself for this.


So I looked at the info and the patch and there isn't really much info
apart from "SQL Injection" and the patch is base64 and requires some
special loader. Can someone post the actual PHP and/or details, a
bugzilla, or?


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP1iGVAAoJEBYNRVNeJnmTgOcQAI4Eo/L7IzbFOiY19+zVzoEu
Gg+JzbX1T5mr7Ymp8eho9l25bGVYZSzjsk1wm7c7zEdcShxMeFQhH6eHGJ7Q1vEg
R8tTVF0Cp9kKL4SLxcMU3gePUv/N0r0PTtVuuhDy/XrEQOhTR38UXID8HSE6lVo0
XeQJ1026O+rQPGipfCFOocXZ+bFkcbEcBTH9r0xeCLF3I5zFvtOKKVraChkakbVt
tj4fX9XDCuu+d1Dc5PkQ2DTETlDLIgIAkMFTCyIe3GdQqXHNh6hNh1r2ZOX7p22s
wSYtL8r3R/4wF4VhFab7ZZfR/zciyGPg4u0bNIIdSGtRaHGGwLAIW743uWkp5sLh
8it3f5i8VVGn/C7PWqGwT8eIaCVz1Vr36sVpELW4OYnKyHEfgxfHOoVyU+kaxHi/
pOeYfwh8J+HixvtRs729Ktq40KDrvfx6jU5SUrmATgRWDlWLDEQ5NIRCZNbWdFgu
8WXH6ntN6v6hOfdR7OgbPcRNX2thVSDyvU+YzZf505BvuFo4F8LteKKZxlKGE/QR
5Ez+Js3jr+wLL11c/Vi+xHkpa9dYXOGIDN7WMzhVHJGcnrh6+G+JrN1cNQ1BVHp1
IJG40KT/QKIqBmU2rShi0ydxTGmu5yYtBioIAHwCxTKQ3nQ5ACzeQKljF7YRh9yE
9M91KeD4LEqIa8FJyRss
=Ntgp
-----END PGP SIGNATURE-----

Current thread:

WHMCS 5.0.2> SQLi CVE Request Dex (Jun 07)
- <Possible follow-ups>
- Re: WHMCS 5.0.2> SQLi CVE Request Dex (Jun 07)
  - Re: Re: WHMCS 5.0.2> SQLi CVE Request Kurt Seifried (Jun 11)