For Support and Advertisement you can contact  701491310 c0defire@xmpp.jp
Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Whmcs 5.2.7 sqli injection
10-07-2013, 05:24 AM,
Post: #1
Whmcs 5.2.7 sqli injection
Hidden Content:
You must reply to see links

WHMCS 5.2.7 SQLI INJECTION
So, Friends and Enemies :p here is the Lastest Vulnerability Leaked in Black Hackers Market for WHMCS

Vulnerability Effects:

/includes/dbfunctions.php:

Quote:<?php
function update_query($table, $array, $where) {
#[...]
if (substr($value, 0, 11) == 'AES_ENCRYPT') {
$query .= $value.',';
continue;
}
#[...]
$result = mysql_query($query, $whmcsmysql);
}
?>


and download exploit from following link Exploit in python:
Hidden Content:
You must reply to see this content

Exploit in php:
Hidden Content:
You must reply to see this content

Register a new user on a target WHMCS install (/register.php)
and edit the exploit with site name, email and password.

ENJOY!!!! ::happy::

Need help ! just ping me Blackhat
Jabber : c0defire@xmpp.jp
ICQ : 701491310

Quote
For Support and Advertisement you can contact  701491310 c0defire@xmpp.jp
10-07-2013, 07:30 AM,
Post: #2
Whmcs 5.2.7 sqli injection
thanks for sharing

read rules before adding signature :)
Quote
10-07-2013, 08:24 AM,
Post: #3
Whmcs 5.2.7 sqli injection
thanks for sharing :)
Quote
10-07-2013, 05:34 PM,
Post: #4
Whmcs 5.2.7 sqli injection
Thanks for sharing
Quote
10-07-2013, 06:50 PM,
Post: #5
Whmcs 5.2.7 sqli injection
I am having problen in running python script, showing this error.. (running script on CMD windows)

Getting CSRF token
Traceback (most recent call last):
File "C:\Users\vivek\Desktop\whmcs.py", line 30, in <module>
user = login()
File "C:\Users\vivek\Desktop\whmcs.py", line 21, in login
csrf = re.search(r'(type="hidden" name="token" value="([0-9a-f]{40})")', r.r
ead()).group(2)
AttributeError: 'NoneType' object has no attribute 'group'
Quote
10-08-2013, 05:36 PM,
Post: #6
Whmcs 5.2.7 sqli injection
lemme check it and ill edit it soon
Quote
For Support and Advertisement you can contact  701491310 c0defire@xmpp.jp
10-11-2013, 05:30 PM,
Post: #7
Whmcs 5.2.7 sqli injection
thnxxxxxxxxxxxx
Quote
10-12-2013, 03:30 PM,
Post: #8
Whmcs 5.2.7 sqli injection
thank you for share
Quote
10-13-2013, 05:47 PM,
Post: #9
Whmcs 5.2.7 sqli injection
hanks for sharing
Quote
10-14-2013, 10:33 PM,
Post: #10
Whmcs 5.2.7 sqli injection
good work (Y)
Quote


Possibly Related Threads...
Thread Author Replies Views Last Post
MyBB Ajaxfs v2 Plugin - SQL Injection Vulnerability Mr.HacKer 7 7,910 04-14-2019, 07:36 PM
Last Post: robinback
WHMCS 0day Auto Exploiter &lt;= 5.2.8 by g00n Team Xploiters Codefire 71 56,769 03-29-2019, 08:04 AM
Last Post: ibrahimcheik
Inferno vBShout &lt;= 2.5.2 SQL Injection Vulnerability Codefire 2 4,493 02-25-2019, 08:08 PM
Last Post: Nevermind
Joomla SQL Injection 2017 JK-EXPLOITER 0 2,671 07-28-2017, 12:40 PM
Last Post: JK-EXPLOITER
vBulletin 4.x Verify Email Before Registration Plugin - SQL Injection Vulnerability Codefire 1 3,912 01-30-2016, 10:40 PM
Last Post: bl4ck
WHMCS 5.x Authentication Bypass Vulnerability Pratham 9 8,378 11-27-2015, 10:50 AM
Last Post: koles
WordPress plugin cardoza-ajax-search 1.1 sql injection Pratham 0 2,975 04-06-2013, 05:41 PM
Last Post: Pratham

Forum Jump:


Users browsing this thread: 1 Guest(s)
For Support and Advertisement you can contact  701491310 c0defire@xmpp.jp


All rights reserved © 2012-2015 OffensiveCommunity, Designed at WallBB Co Uk
Powered By MyBB, © 2002-2020 MyBB Group.