Hack WHMCS by support ticket exploitation and put a shell into it. Note: This exploit will not work with the latest version of WHMCS.
First use Google dorks to find sites with “Powered by WHMCompleteSolution”.
Like: intext:"Powered by WHMCompleteSolution"
You will see lots of sites; choose one which has "Portal Home or Shopping Cart" in the title. Assume you took http://www.targetsite.com/clients/index.php. That means "clients" is the folder WHMCS runs from, and this is the folder you have to work on. Look at the right side of the menu list. There is a menu named ‘Submit A Ticket’. Click on it and you will see one or more departments in the working area. (Sometimes you will not find any department. In that situation you have to place an order without payment and get registered with your fake details. After that, log in to WHMCS. Now you will get department links on Submit A Ticket.) Click any department and you will get a contact form with some fields. Here is what you have to do in those fields of the contact form.
Name: In this field you have to put your fake name.
Email: In this field you have to put your fake email address.
Subject: Here enter the PHP code that you can find HERE
This code will show you the login details of all the accounts hosted on that server, including the ROOT account :)
That's it! Enjoy!!! :)
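For operators of older WHMCS installs, the pattern described above (a ticket whose Subject carries PHP code, possibly from an account registered through an unpaid order) can be hunted for in exported ticket data. The following is an added example, not part of the original post or of WHMCS; the field names, marker list, length threshold and sample rows are constructed assumptions.

```python
import re

# Assumption: illustrative markers of PHP source in a field meant for a short
# plain-text subject; extend for your environment. Not a WHMCS signature set.
CODE_MARKERS = re.compile(
    r"<\?(?:php|=)?|\?>|\b(?:eval|assert|system|exec|passthru|shell_exec|"
    r"base64_decode|file_put_contents|fwrite)\s*\(",
    re.IGNORECASE,
)
MAX_SUBJECT_LEN = 150  # assumption: genuine subjects are short

# Constructed sample export; field names are hypothetical, not WHMCS's schema.
# paid_order: True = paying client, False = registered via unpaid order, None = guest.
SAMPLE_TICKETS = [
    {"id": 101, "email": "alice@example.com",
     "subject": "Cannot reach cPanel after renewal", "paid_order": True},
    {"id": 102, "email": "x@example.net",
     "subject": "<?php /* body elided */ ?>", "paid_order": False},
    {"id": 103, "email": "bob@example.org",
     "subject": "How do I evaluate the trial plan?", "paid_order": None},
]


def score_ticket(ticket):
    """Return the reasons a ticket resembles the injection attempt, if any."""
    reasons = []
    subject = ticket.get("subject", "")
    hit = CODE_MARKERS.search(subject)
    if hit:
        reasons.append(f"code marker in subject: {hit.group(0)!r}")
    if len(subject) > MAX_SUBJECT_LEN:
        reasons.append("subject unusually long")
    # The unpaid-order signup only matters as corroboration of another signal.
    if reasons and ticket.get("paid_order") is False:
        reasons.append("account registered via unpaid order")
    return reasons


def triage(tickets):
    """Map ticket id -> reasons, for tickets that need manual review."""
    return {t["id"]: r for t in tickets if (r := score_ticket(t))}


if __name__ == "__main__":
    for ticket_id, reasons in triage(SAMPLE_TICKETS).items():
        print(ticket_id, "; ".join(reasons))
```

Since the post itself notes the exploit does not work on the latest WHMCS, upgrading is the fix; this triage only helps locate past attempts in stored tickets.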