Tuesday, 30 December 2014

WHMCS 5.2.7 SQL INJECTION

So, friends and enemies, here is the latest vulnerability for WHMCS, leaked in the black hackers' market.
Vulnerability Effects:
/includes/dbfunctions.php:
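<?php
function update_query($table, $array, $where) {
    #[...]
    // Any value whose first 11 characters are 'AES_ENCRYPT' is treated as a
    // trusted SQL expression and appended to the query without escaping.
    if (substr($value, 0, 11) == 'AES_ENCRYPT') {
        $query .= $value.',';
        continue;
    }
    #[...]
    // The assembled string is then sent to MySQL as the statement.
    $result = mysql_query($query, $whmcsmysql);
}
?>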
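
For comparison, an added example (not WHMCS code and not part of the original post) of building the same kind of UPDATE without trusting a string prefix: every value is bound as a parameter, and encryption is requested through a typed marker that request data cannot produce. `EncryptedValue`, `quote_ident()`, `build_update()`, the `clients` table and the key are hypothetical, and PHP 8.1+ is assumed.

```php
<?php
// Added example, not WHMCS code. EncryptedValue, quote_ident() and
// build_update() are hypothetical names; requires PHP 8.1+.

// Only server-side code can create this marker, so request data that merely
// starts with "AES_ENCRYPT" remains an ordinary string.
final class EncryptedValue {
    public function __construct(public readonly string $plaintext) {}
}

// Identifiers cannot be bound as parameters, so restrict their shape.
function quote_ident(string $name): string {
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
        throw new InvalidArgumentException("bad identifier: $name");
    }
    return "`$name`";
}

// Returns [sql, params] for PDO::prepare() / PDOStatement::execute().
function build_update(string $table, array $values, array $where, string $key): array {
    $set = []; $cond = []; $params = [];
    foreach ($values as $col => $value) {
        if ($value instanceof EncryptedValue) {
            $set[] = quote_ident($col) . ' = AES_ENCRYPT(?, ?)';
            array_push($params, $value->plaintext, $key);
        } else {
            $set[] = quote_ident($col) . ' = ?';
            $params[] = $value;
        }
    }
    foreach ($where as $col => $value) {
        $cond[] = quote_ident($col) . ' = ?';
        $params[] = $value;
    }
    if (!$set || !$cond) {
        throw new InvalidArgumentException('SET and WHERE must not be empty');
    }
    return ['UPDATE ' . quote_ident($table) . ' SET ' . implode(', ', $set)
        . ' WHERE ' . implode(' AND ', $cond), $params];
}

// Constructed input: a profile field whose text happens to begin with AES_ENCRYPT.
[$sql, $params] = build_update(
    'clients',
    ['firstname' => 'AES_ENCRYPT is only text here', 'cardnum' => new EncryptedValue('constructed')],
    ['id' => 7],
    'constructed-key'
);
echo $sql, "\n", json_encode($params), "\n";
```

The first value stays data however it is spelled, and `AES_ENCRYPT` appears in the SQL text only where server code asked for it.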



And download the exploit from the following link:

Exploit in Python: Python

Exploit in PHP: php

Register a new user on a target WHMCS install (/register.php) and edit the exploit with the site name, email and password.