January 27th, 2016, 23:33
#1
Permanent Member
WHMCS - Admin Application Links CSRF Vulnerability (R911-0188)
Please update immediately.
Product Description: WHMCS is an all-in-one client management, billing & support solution for online businesses. Handling everything from signup to termination, WHMCS is a powerful business automation tool that puts you firmly in control.

Vulnerability Description: Due to a CSRF vulnerability within the "Application Links" feature in the admin panel of WHMCS, it is possible for a malicious user to make unauthorized changes. For example, it would be possible to change the WHMCS Single Sign-On links within cPanel to display any text they wanted, which could cause alarm for unsuspecting hosting users.

Impact: We have deemed this vulnerability to be rated as MEDIUM due to the fact that while no sensitive information can be obtained, the "scare factor" for hosting users is rather high should they log into cPanel and see the WHMCS links all displaying a malicious message.

Vulnerable Version: This vulnerability was tested against WHMCS 6.2.0.

Fixed Version: This vulnerability was patched in WHMCS 6.2.1.
● Server technical administrator - technical and security configuration of operating systems and Linux control panels (cPanel, DirectAdmin) / nearly 10 years of experience
January 27th, 2016, 23:43
#2
Permanent Member
Reply: WHMCS - Admin Application Links CSRF Vulnerability (R911-0188)

Originally posted by nimafire:
Please update immediately.
Thanks.
But wasn't 6.2.1 released just yesterday? We already updated. The text says it was fixed in 6.2.1.
Or did you mean something else, or another version, that I didn't understand?
..::| More than a decade |::..
January 28th, 2016, 00:08
#3
Permanent Member
Reply: WHMCS - Admin Application Links CSRF Vulnerability (R911-0188)
Is installing the 6.2.1 patch enough?
January 28th, 2016, 00:23
#4
Forum Member
Reply: WHMCS - Admin Application Links CSRF Vulnerability (R911-0188)

Originally posted by OmidX:
Is installing the 6.2.1 patch enough?
Hi,
Yes, it is enough.
January 28th, 2016, 00:41
#5
Forum Member
Reply: WHMCS - Admin Application Links CSRF Vulnerability (R911-0188)
Thanks for the notice.
6.2.0 --> 6.2.1 http://go.whmcs.com/950/v620_incremental_to_v621_patch
Just one note: those who have renamed the admin folder must rename the file to match the name they chose.