0-Day Exploit May Cause WHMCS More Security Trouble

WHMCS, whose customers had their usernames, passwords and credit card numbers made public early this week as a result of a breach, may face further security problems, according to security journalist Brian Krebs.

A malicious tool called WHMCS 0-Day started popping up a couple of months ago on underground forums where cyber-criminals buy and sell the tools and technologies they use. This tool appears to automatically exploit an unpatched critical vulnerability that allegedly exists in all versions of WHMCS. The vulnerability is supposed to allow a “full blind SQL injection” using a technique discovered by the seller.

For a $6k fee, the tool helps the buyer get administrator passwords while granting him full remote access to all compromised WHMCS installations via a web browser. Successful exploitation would allow him to perform further unauthorized actions on the vulnerable servers.

It is unknown exactly what an attacker could control by exploiting the account, but it is highly likely they could create web-hosting profiles to store malware and phishing pages, or even gain access to credit card information associated with each customer account created on the server.

About the author


A blend of teacher and technical journalist with a pinch of e-threat analysis, Loredana Botezatu writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair. Loredana has been writing about the IT world and e-security for well over five years and has made a personal goal out of educating computer users about the ins and outs of the cybercrime ecosystem.