WHMCS, a popular client management, billing and support application for Web hosting providers, released an emergency security update for the 5.2 and 5.1 minor releases, to patch a critical vulnerability that was publicly disclosed.
The vulnerability was publicly posted by a user named as ‘localhost’ on October 3rd, 2013 and also reported by several users on various Hosting related Forums. He also released a proof-of-concept exploit code for this SQL injection vulnerability in WHMCS.
WHMCS says, as the updates have “critical security impacts.”, enables attackers to execute SQL injection
attacks against WHMCS deployments in order to extract or modify
sensitive information from their databases i.e. Including information
about existing accounts, their hashed passwords, which can result in the
compromise of the administrator account.
Yesterday a group of Palestinian hackers, named as KDMS Team exploited same vulnerability against one of the largest Hosting provider - LeaseWeb. After obtaining the credentials, attackers were able to deface the website using DNS hijacking.
While all versions of WHMCS are affected by this vulnerability, WHMCS v5.2.8 and v5.1.10 have been released to address this specific SQL injection vulnerability.
Just after the release of exploit online, CloudFlare added
a ruleset to their Web Application Firewall (WAF) to block the specific
attack vector. They mentioned that CloudFlare Hosting partners behind
CloudFlare's WAF can enable the WHMCS Ruleset and implement best
practices to be fully protected from the attack.
Source: http://thehackernews.com/