O-Day Exploit May Cause WHMCS More Security Trouble

WHMCS, whose customers had their usernames, passwords and credit card numbers made public early this week as a result of a breach, may face further security problems, according to security journalist Brian Krebs.

A malicious tool called WHMCS 0-Day started popping up on underground forums a couple of months ago where cyber-criminals buy and sell tools and technologies they use. This tool appears to automatically exploit an unpatched critical vulnerability allegedly existing in all versions of WHMCS. The vulnerability is supposed to allow a “full blind SQL injection” using a technique discovered by the seller.

For a $6k fee, the tool helps the buyer get administrator passwords while granting him full remote access to all compromised WHMCS installations via a web browser. Successful exploitation would allow him to perform further unauthorized actions on the vulnerable servers.

It is unknown what exactly an attacker can control with exploitation of the account, but it is highly likely they could create web-hosting profiles to store malware and phishing pages, or even gain access to credit card information associated with each customer account created on the server.

All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.