WHMCS - Local File Disclosure Exploit Tutorial

Today i'll tell you something about WHMCS - Local File Disclosure Vulnerability and will also tell you, how to use this vulnerability.
Note:-Before we begin, I suggest, install the noscript addon in firefox. If you using this addon, the requested pages doesnt redirect and get the right Pages. And there is also a way to use Acunetix to get the pages in case of URL redirection. You can download this addon from here.


So now lets begin:-

• First find a vulnerable site using Google Dork: inurl:"cart.php?a="
• I have already one site, it will look something like this
  
  
• Then change the url from http://www.example.com/cart.php?a=add&pid= to  https://www.example.com/cart.php?a=test&templatefile=../../../configuration.php
  
  
  
  
• As you can see, everything got vanish after executing the exploit, if in case, it doesn't vanished, then try with another site.
• In my case, everything got vanished, so it means this site is vulnerable.
• After executing the exploit, see the page source by pressing ctrl+u. This would look something like this
  
  
• Then scroll down the page until you see something like this
  
  
• Now you have successfully done, use these credentials to connect with database.

You can use Filezilla to connect with database. If Filezilla doesn't help you to connect with database, then try to shelled at-least one site of the same server. Then from there you can easily connect with  database.

Note:- This is only for educational purpose, we will not responsible for any harm or illegal activity done by you.

Feel Free To Leave A Comment If Our Article has Helped You, Support Us By Making A Small Contribution, Thank You!