Sunday, October 20, 2013

|| WHMCS 0day Auto Exploiter <= 5.2.8 by g00n Team Xploiters ||





So basically, you just need to crack hashes... 
In some cases just Google the hash and you'd get the password. Then log in to WHMCS and....

Scanned results are also saved in a text file: WMCS-Hashes.txt


Here is the PHP code that you must save as WHMCS-Fucker.php:
http://pastebin.com/cuikqkhA
Here are some sample dorks that you can use:
inurl:submitticket.php site:.com
inurl:submitticket.php site:.net
inurl:submitticket.php site:.us
inurl:submitticket.php site:.eu
inurl:submitticket.php site:.org
inurl:submitticket.php site:.uk
intext:"Powered by WHMCompleteSolution"
intext:"Powered by WHMCompleteSolution" inurl:clientarea.php
inurl:announcements.php intext:"WHMCompleteSolution"
intext:"Powered by WHMCS"
You can derive hundreds of more dorks, using the samples above.

source:-xploiter.net

3 comments: