WHMCS 5.2.8 Vulnerability

Here We Go again Po0r WHMCS new version again got exploited!

THIS TIME IT’S again the same mistake in

/includes/dbfunctions.php

WE Can manipulate the GET/POST variables and end up with something like $key = array(‘sqltype’ => ‘TABLEJOIN’, ‘value’ = ‘[SQLI]’);

FROM THIS VULNERABILITY
WE CAN EVEN change /configuration.php whatever we want (PHP code included)

SO Re-edit Your Previous WHMCS.py exploit script and ENJOY!

Exp:

原文链接:,转发请注明来源!

发表评论

要发表评论,您必须先登录