WHMCS Security Advisory 2020-01-28
Just looking for some info.
How is this issue exploitable? What can be gained if it is exploited? Is it High Risk?
This discussion has been closed.
Just looking for some info.
How is this issue exploitable? What can be gained if it is exploited? Is it High Risk?
Comments
Sorry but this is most likely black hat. Your account is found on some other major black hat forum. The way you phrase the question feels like you are trying to exploit it.
Is it safe to say that you are searching for exploit to potentially break into some MineCraft hosts that you don't like?
(Cross-posted)
食之无味 弃之可惜 - Too arduous to relish, too wasteful to discard.
Yes. Everything can be exploited with time and patience. No, you won’t find that here.
@Arion4384 Congrats on your first post.
Agreed. Thank you for your work!
Through the vendor directory according to the WHCMS docs. As this is not a black hat forum as pointed out by @FAT32 we will not write you a tool to exploit this.
Every piece of data the user that runs the PHP process can access (and possibly more with the user of other non-WHCMS related exploits), including but not limited to database entries and possibly access credentials for services sold through WHCMS if left unchanged after purchase.
If you care about your customers: yes.
I don't play Minecraft, no. Been offered a reward for a successful PoC to gain a shell.
We don't do that here. You're likely better off elsewhere.
My pronouns are like/subscribe.
Why don't you just leave then? Your kind is not welcome.