Sunday, October 20, 2013

Hacking WHMCS [TUT] 2013

Hi guys. Today I will be showing how to hack a WHMCS installation via symlinking, so let's get started.
Things you will need:
1) Shelled website
2) Tool I will post at the end of the tutorial
3) Putty
4) Symlink script
5) MySQL manager
What is WHMCS?
Code:
“WHMCS is an all-in-one client management, billing & support solution for online businesses. Handling everything from signup to termination, WHMCS is a powerful business automation tool that puts you firmly in control”
DEMO: http://demo.whmcs.com/
ADMIN AREA DEMO: http://demo.whmcs.com/admin/login.php
How do I find out if my server has WHMCS?
That is easy.
Check your kernel. Usually it will be like:

Code:
Linux ns1.hosting.com x.x.xx-xxx.xx.x.xxx #1 SMP xxx xxx x xx:xx:xx EST 2012 x86_64

If the output contains something like "ns1.hosting.com", that means WHMCS is installed on that site.

So go to the hosting.com and you will probably find it.
Or you can google dork it:

Code:
site:hosting.com inurl:/admin/login.php "WHMCS"

Exploiting
First off, we need to find our hosting's path.
So run:

Code:
cat /etc/passwd
or just view the /etc/passwd file to find all the users on the hosting.
Once you have done that, save it to a .txt file somewhere.
In my example I got lucky and found the path easily. (There was WordPress installed, so I viewed wp-content/plugins/akismet/legacy.php, which gave me the full path.)
But usually you can find it from the URL.
Now I know my site's path:
Code:
/home/user/public_html/
The WHMCS path is /hosting/, so my target file is configuration.php, located in
Code:
/home/user/public_html/hosting/configuration.php
Okay, now make a new folder in your shell.
We will now try to access the file mentioned above.
The next thing I want to do is enter the folder and upload the script.
In that box enter the path and the file you want:
Code:
/home/user/public_html/hosting/configuration.php
Press go and you now get something like this:
Press on symlink and it will open a new page.
Notice how the site is blank. That means it worked.
Right click -> View source and our target's database will be there.
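A defender-side check for the cross-account symlink read described above, as an added example that is not part of the original post: it walks one account's web root, reports symlinks that resolve outside that account's home directory, and flags a configuration.php that group or other can read. The account name tenant2, the link names and the temporary directory layout are constructed for the demo.

```python
import os
import stat
import tempfile


def find_escaping_symlinks(docroot, allowed_base):
    """Symlinks under docroot whose resolved target lies outside allowed_base."""
    base = os.path.realpath(allowed_base)
    hits = []
    for dirpath, dirnames, filenames in os.walk(docroot, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)  # follows chained links to the end
            if os.path.commonpath([base, target]) != base:
                hits.append((path, target))
    return sorted(hits)


def config_too_open(path):
    """True if group or other has any permission bit on the file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


def demo():
    """Constructed layout: two accounts under a temporary stand-in for /home."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)
        cfg_dir = os.path.join(root, "home/user/public_html/hosting")
        web = os.path.join(root, "home/tenant2/public_html")  # hypothetical account
        os.makedirs(cfg_dir)
        os.makedirs(os.path.join(web, "img"))
        cfg = os.path.join(cfg_dir, "configuration.php")
        with open(cfg, "w") as fh:
            fh.write("<?php // constructed placeholder, no real credentials\n")
        os.chmod(cfg, 0o644)
        os.symlink(cfg, os.path.join(web, "link.txt"))  # crosses into another account
        os.symlink(os.path.join(web, "img"), os.path.join(web, "pics"))  # stays inside
        hits = find_escaping_symlinks(web, os.path.join(root, "home/tenant2"))
        report = [(os.path.relpath(l, root), os.path.relpath(t, root)) for l, t in hits]
        open_before = config_too_open(cfg)
        os.chmod(cfg, 0o400)  # owner read-only
        return report, open_before, config_too_open(cfg)


if __name__ == "__main__":
    print(demo())
```

On Apache, `Options SymLinksIfOwnerMatch` in place of `FollowSymLinks` is the corresponding server-side control.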
Getting access to the WHMCS
Now that you have the configuration info from the site, you need to connect to the MySQL database and create a new administrator.

Open our mysql.php script (provided at the end of the tutorial) and enter the credentials (username and password).
When you are logged in on the main database click "Tables".
NOTE: You can press "Dump" to save all info in the database!
You got a list now. Good.
Find tbladmins and click "Data"
From there you can edit/add admin users.
As you can see, I added a new user so I can access it later.
Now I log in with the new user I created.
Now I have a tool for these cases.
There you can manage cPanels, dump them, view CC info and the rest of the BH shit. :)

Saturday, October 19, 2013

Facebook Open URL Redirection 2013



Hi, everyone. Today I'm going to disclose my Facebook bug to the public. I found this bug on 11 September 2013, but I was disappointed to hear from the Facebook Security "Emrakul" that a previous reporter had reported that bug before me. :( But they have fixed the vulnerability, so I'm going to disclose it.
Descriptions:
Title           :  Open URL Redirection
Status        :  fixed
Severity     :  Low
Works on  :  Any browser with any version

I found the redirection on the "/dialog/feed/" after "www.facebook.com".
1. The user may be redirected to an untrusted page that contains malware, which may then compromise the user's machine.

2. The user may be subjected to phishing attacks by being redirected to an untrusted page.

3. This bug can be applicable to any user who is signed in to Facebook.
Repro:
If any signed-in Facebook user clicks any one of the following links, they will be redirected to our desired pages. URL shorteners can be used to mask malicious links.
Note: You must be signed in to a Facebook account for the redirect to work.
 
VULNERABLE URLs

https://www.facebook.com/dialog/feed/fb_dtsg=AQCRqLbh&charset_test=%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B4%2C%E6%B0%B4%2C%D0%94%2C%D0%84&error_ok=Okay&_path=feed%2F&redirect_uri=http%3A%2F%2Fgoogle.com&display=touch&from_post=1

https://m.facebook.com/dialog/feed/fb_dtsg=AQCRqLbh&charset_test=%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B4%2C%E6%B0%B4%2C%D0%94%2C%D0%84&error_ok=Okay&_path=feed%2F&redirect_uri=http://google.com&display=touch&from_post=1

https://touch.facebook.com/dialog/feed/fb_dtsg=AQCRqLbh&charset_test=%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B4%2C%E6%B0%B4%2C%D0%94%2C%D0%84&error_ok=Okay&_path=feed%2F&redirect_uri=http://google.com&display=touch&from_post=1

https://beta.facebook.com/dialog/feed/fb_dtsg=AQCRqLbh&charset_test=%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B4%2C%E6%B0%B4%2C%D0%94%2C%D0%84&error_ok=Okay&_path=feed%2F&redirect_uri=http://google.com&display=touch&from_post=1
 
The redirect to the desired website also works after deleting "AQCRqLbh" after "fb_dtsg=" and "%E2%82%AC%2C%C2%B4%2C%E2%82%AC%2C%C2%B4%2C%E6%B0%B4%2C%D0%94%2C%D0%84" after "charset_test=".

You just have to change http://google.com to your desired malicious link.
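The server-side fix for this class of bug is to validate `redirect_uri` before issuing the redirect. The following is an added example, not Facebook's code and not part of the original post: it accepts only same-site paths or HTTPS URLs on an allowlisted host and falls back to "/" otherwise. The allowlist, the fallback and the function names are assumptions; the sample query is the tail of the first URL above.

```python
from urllib.parse import parse_qs, urlsplit

ALLOWED_HOSTS = {"www.facebook.com", "m.facebook.com"}  # assumed allowlist
SAMPLE_QUERY = ("error_ok=Okay&_path=feed%2F&redirect_uri=http%3A%2F%2Fgoogle.com"
                "&display=touch&from_post=1")  # tail of the first URL on this page


def safe_redirect_target(uri, allowed_hosts=ALLOWED_HOSTS, fallback="/"):
    """Return uri if it is a same-site path or an allowlisted https URL."""
    # Reject empty values and characters that parsers and browsers treat differently.
    if not uri or uri != uri.strip() or any(c in uri for c in "\\\r\n\t"):
        return fallback
    try:
        parts = urlsplit(uri)
        host = (parts.hostname or "").lower()
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative reference: allow only a single-slash absolute path.
        ok = uri.startswith("/") and not uri.startswith("//")
        return uri if ok else fallback
    if parts.scheme != "https" or has_userinfo:
        return fallback  # also catches scheme-relative "//host" (empty scheme)
    return uri if host in allowed_hosts else fallback


def redirect_from_query(query, fallback="/"):
    """Extract redirect_uri from a query string and validate it."""
    values = parse_qs(query).get("redirect_uri", [])
    if len(values) != 1:  # missing or duplicated parameter: do not guess
        return fallback
    return safe_redirect_target(values[0], fallback=fallback)


if __name__ == "__main__":
    print(redirect_from_query(SAMPLE_QUERY))
    print(safe_redirect_target("https://www.facebook.com/home.php"))
```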

This was said in the original message I received from Facebook Security.

Hi,
 
We're already aware of this issue because a previous reporter sent this in to us. 
We're working to fix it but we won't be able to reward you. We appreciate you taking the time 
to find and send this our way.
 
Thanks,
 
Emrakul
Security
Facebook
 
-----Original Message to Facebook-----
From: xxxxx@hotmail.com
To: 
Subject: Site redirection vulnerability
 
Name: xxxxxxxxxxxx
E-Mail: xxxxxx@hotmail.com
Type: open_redirect
Scope: www