WHMCS TICKET EXPLOIT

Please familiarise yourself and beware of these things. Rogue tickets in your system may be a little more dangerous than originally thought. 

WHMCS Hacking with Submit Ticket exploit

 
Posted on Saturday, 5 May 2012 by Minhal Mehdi
Hi Mates!
Today we are going to learn how to hack WHMCS, or you can say its submit ticket exploit, through which we will get the cPanel username and password of the hosting panel and the websites hosted on that WHMCS.
Let's start.
Step 1
Get a website which provides hosting and find the option "submit ticket".
Step 2
Now open the submit ticket option and click on the sales department.
Step 3
Now we have to fill in the following info: name, email address and urgency. Put any random info in these fields; the main thing is the subject field.
Fill this code in the subject field:


and scroll down, fill in the Captcha and click the submit button.

We will be redirected to the next page, where it will show the cPanel username and password.
Boom! You have the cPanel usernames and passwords of the hosting panel and the websites hosted on that server.
If you are lucky, you may also get the FTP and SMTP passwords too!

OK, that was all about the cPanel, FTP and SMTP passwords. If the WHMCS doesn't have any website hosted on it, you won't get anything. Then?
Don't be sad :)
We have one more trick, and this will help you to upload a shell on the WHMCS website :)
How?
Let's move :)
Come back to the submit ticket page and put any random info in the email, name and urgency fields.
The main step is to put PHP code in the subject field. This time we are going to put PHP code; if it gets executed successfully we will get an uploader on the website, through which we will be able to upload a shell on the website. So let's start.
Fill any random info in the other fields and put this PHP code in the subject field:


Fill in the captcha and press enter. Now, first of all, have a look at the submit ticket URL,
for example
http://www.website.com/client/submitticket.php
So to get the uploader, replace submitticket.php with downloads/indexx.php.
Remember it's indexx.php; when the code executes, it will create indexx.php, and it's an uploader.
So open the URL
http://www.website.com/client/downloads/indexx.php
You will see a file upload option!
Browse to the shell and click upload. After uploading the shell,
open the URL
http://www.website.com/client/downloads/shell_name.php
hell yeah
owned :D
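
For administrators checking whether their own install was hit, the trail the post describes (a ticket POST to submitticket.php followed by requests for PHP files under downloads/) can be searched for in web server access logs. The script below is an added example, not part of the original post or of WHMCS; the log lines are constructed, and the allow-list assumes index.php is the only PHP file expected in downloads/.

```python
import re
from urllib.parse import urlsplit

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
TICKET_FORM = re.compile(r'^(.*/)submitticket\.php$', re.I)
PHP_IN_DOWNLOADS = re.compile(r'^(.*/)downloads/([^/]+\.php)$', re.I)
# Assumption: index.php is the only PHP file that belongs in downloads/.
ALLOWED = {"index.php"}

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.20 - - [05/May/2012:10:00:00 +0000] "GET /client/submitticket.php HTTP/1.1" 200 4096 "-" "-"',
    '203.0.113.7 - - [05/May/2012:10:01:02 +0000] "POST /client/submitticket.php?step=3 HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [05/May/2012:10:01:30 +0000] "GET /client/downloads/indexx.php HTTP/1.1" 200 310 "-" "-"',
    '198.51.100.20 - - [05/May/2012:10:02:00 +0000] "GET /client/downloads/index.php HTTP/1.1" 200 0 "-" "-"',
    '203.0.113.7 - - [05/May/2012:10:02:10 +0000] "POST /client/downloads/indexx.php HTTP/1.1" 200 355 "-" "-"',
    '203.0.113.7 - - [05/May/2012:10:02:40 +0000] "GET /client/downloads/shell_name.php HTTP/1.1" 200 9001 "-" "-"',
    '198.51.100.20 - - [05/May/2012:10:05:00 +0000] "GET /client/downloads/indexx.php HTTP/1.1" 404 210 "-" "-"',
]

def find_suspects(lines):
    """Return (ip, path, status, after_ticket_post) for every request to an
    unexpected PHP file under downloads/; unparsable lines are skipped."""
    posted = set()  # (ip, install base path) pairs that POSTed a ticket
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        path = urlsplit(target).path  # drop any query string
        ticket = TICKET_FORM.match(path)
        if ticket and method == "POST":
            posted.add((ip, ticket.group(1)))
            continue
        dl = PHP_IN_DOWNLOADS.match(path)
        if dl and dl.group(2).lower() not in ALLOWED:
            after_ticket = (ip, dl.group(1)) in posted
            hits.append((ip, path, int(status), after_ticket))
    return hits

if __name__ == "__main__":
    for ip, path, status, after_ticket in find_suspects(SAMPLE_LOG):
        print(f"{ip} {path} status={status} after_ticket_post={after_ticket}")
```

A 200 on such a path means the file existed when it was requested and the install should be treated as compromised; a 404 indicates a probe for the file name.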