Create an account

Very important

  • To access the important data of the forums, you must be active in each forum and especially in the leaks and database leaks section, send data and after sending the data and activity, data and important content will be opened and visible for you.
  • You will only see chat messages from people who are at or below your level.
  • More than 500,000 database leaks and millions of account leaks are waiting for you, so access and view with more activity.
  • Many important data are inactive and inaccessible for you, so open them with activity. (This will be done automatically)

0Day Forums Coding CMS WHMCS In WHMCS user can login with every wrong or right password

Thread Rating:
  • 712 Vote(s) - 3.53 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Options
In WHMCS user can login with every wrong or right password

Offline sparus414771


Luxury
*****
Luxury
Posts: 0
Threads: 0
Joined: Oct 2016
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#1
07-26-2023, 11:04 PM
I was trying to create a hook to query an external source when a user does not exist:

add_hook("ClientLoginShare",1,"hook_login_user_from_ldap");

Then I removed that piece of code (Now it's the original whmcs without any modifications).

But now whatever password I enter for a user, it logs in! How can this be and what I'm supposed to do?

The records for the users in db seem to be correct and untouched:

email: [email protected]
password: fdc586a75dabee47810667b735a85e25:%cidv
(original password: abc1235)
Reply

Offline pineal650


Valued member
***
Valued member
Posts: 0
Threads: 0
Joined: Jul 2021
Reputation: 0
Level: inf [Level]
Total Points: inf
Rank nan / 1
100% to upload Level
Rank
Activity inf / 1
99% to upload your Rank
Activity
Experience nan
100% to upload Experience
Experience

Points: 50
#2
07-26-2023, 11:08 PM
OK, I found out when this occurs. When an admin is logged in at the same session from admin panel, every user with every password can log in from the user panel!

I don't know why this happens, but now at least I can avoid it.
Reply

« Next Oldest
Next Newest »


Forum Jump:


Users browsing this thread:
2 Guest(s)

©0Day  2016 - 2023 | All Rights Reserved.  Made with    for the community. Connected through