sQuo Posted October 25, 2013 Share Posted October 25, 2013 This is the hidden content, please Sign In or Sign Up As these days all the world talking about whmcs exploits like SQL injection special the injection exploits .. i think of the programmer of the whmcs what he will do if he close all the injection ways in the whmcs what we can do ? xss some people will say if the admin panel changed it's not matter or if there are the security token so i want to challenge them to prof my conecept to them .. first we have an xss in the whmcs and it was in admin panel or out of the panel not matter in this mode .. so let me say the xss was here This is the hidden content, please Sign In or Sign Up we can do best than getting cookie and reused it we can add admin through csrf or uploading shell if you are good in programming ( php & js ) here my code to bypass the security token and add admin in whmcs script This is the hidden content, please Sign In or Sign Up how to use it This is the hidden content, please Sign In or Sign Up which the exploit.js are the code above By Mast3r~KSA Link to comment Share on other sites More sharing options...
Recommended Posts