whmcs-disclose.txt

2008-11-29T00:00:00
ID PACKETSTORM:72386
Type packetstorm
Reporter Julian A. Rodriguez
Modified 2008-11-29T00:00:00

Description

                                        
                                            `Software: WHMCS V3.7.1  
Complete Name: WHM Complete Solution Version 3.7.1  
Bug: Information Disclosure  
  
Website of the Software: http://www.whmcs.com/  
  
  
Author: Julian A. Rodriguez  
Contact: julianrdz91@gmail.com  
  
  
Review:  
  
An attacker can obtain very sensible information about the server  
just typing the next path : /status/index.php?action=phpinfo  
You can enter to this folder/file without any kind of security test  
or some authorization. You can get information about the versions  
of the software, the kernel version, the operating system, the  
commands that you can use inside the server, you can see if the  
safe mode of the server is on/off, you can grab information  
about the server administrator too, the path of the server root,  
and a lot of more information about the server.  
  
Proof of Concept:  
http://www.xxxxxxxx.net/status/index.php?action=phpinfo  
  
Note:  
In the demo of the site whmcs.com you can't enter to this section because  
the files have been deleted for security reasons.  
  
  
--  
Julian A. Rodriguez  
Website: http://www.nulledcore.com  
`