WHMCS Hacking with Sumbit Ticket exploit
Posted on
- Saturday, 5 May 2012
- Minhal Mehdi
- Labels: Exploit, web Application Security, website Hacking
Hi Mates !
Today we are going to learn, how to Hack WHMCS or you can say its submit ticket exploit ,through which we will we will get the cpanel username and password of hosting panel and website hosted on that whmcs.
lets start
step 1
Get a website which provide hosting and find out the option " submit ticket"
step 2
now open submit ticket option and click on sales department
step 3
now we have to fill the following
info like "name , email address, urgency put any random info is these fields and main thing is subject filed"
fill this code in subject field
and scroll down fill the Captcha click the submit button
we will be redirected to next page where it will show cpanel username and password
boom ! you have cpanel usernames and passwords of hosting panel,website hosted on that server
if you are lucky , you may also get the FTP and SMTP passwords too !
ok it was all about the the cpanel,FTP and SMTP passwords if whmcs dont have any website hosted on it you wont get anything then ????????
dont be sad :)
we have one more trick and this will help you to upload the shell on whmcs website :)
how ???
lets move :)
come back to the submit ticket page put any random info in email,name and urgency field
main step is to put the php code in subject field this time we are going to put the php code, if it got executed successfully we will get a uploader on the website through which we will be able to upload shell on the website so lets start
fill the any random info in other fields and put this php code in subject field
Today we are going to learn, how to Hack WHMCS or you can say its submit ticket exploit ,through which we will we will get the cpanel username and password of hosting panel and website hosted on that whmcs.
lets start
step 1
Get a website which provide hosting and find out the option " submit ticket"
step 2
now open submit ticket option and click on sales department
step 3
now we have to fill the following
info like "name , email address, urgency put any random info is these fields and main thing is subject filed"
fill this code in subject field
and scroll down fill the Captcha click the submit button
we will be redirected to next page where it will show cpanel username and password
boom ! you have cpanel usernames and passwords of hosting panel,website hosted on that server
if you are lucky , you may also get the FTP and SMTP passwords too !
ok it was all about the the cpanel,FTP and SMTP passwords if whmcs dont have any website hosted on it you wont get anything then ????????
dont be sad :)
we have one more trick and this will help you to upload the shell on whmcs website :)
how ???
lets move :)
come back to the submit ticket page put any random info in email,name and urgency field
main step is to put the php code in subject field this time we are going to put the php code, if it got executed successfully we will get a uploader on the website through which we will be able to upload shell on the website so lets start
fill the any random info in other fields and put this php code in subject field
fill the captcha click enter, now first of all , have a look on the submit ticket url
for example
http://www.website.com/client/submitticket.php
so to get the uploader replace the submitticket.php with downloads/indexx.php
remember its indexx.php,when code will execute , it will create indexx.php and its uploader
so open the url
http://www.website.com/client/downloads/indexx.php
you will see file upload option !
browse the shell and click upload after uploading shell
opn the url
http://www.website.com/client/downloads/shell_name.php
hell yeah
owned :D