WHMCS 5.2.7 SQL injection vulnerability disclosed

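After disclosing the SolusVM vulnerability and then going quiet for a few months, the expert behind localhost.re has now disclosed a SQL injection vulnerability in WHMCS. As usual, the post still comes with a funny GIF.

Vulnerable file: /includes/dbfunctions.php:

    <?php
    function update_query($table, $array, $where) {
        #[...]
        # Values that start with 'AES_ENCRYPT' are appended to the query as-is, without escaping
        if (substr($value, 0, 11) == 'AES_ENCRYPT') {
            $query .= $value.',';
            continue;
        }
        #[...]
        $result = mysql_query($query, $whmcsmysql);
    }
    ?>

A Python exploit is also included:

    #!/usr/bin/env pytho

---->> Read the full article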

WHMCS IPMI module

    yum install OpenIPMI OpenIPMI-tools

Log in to the WHMCS admin area » Setup » Products/Services » the relevant product » Custom Fields, and add three fields named ipmiip, ipmiuser and ipmipass, each of type Text Box.

Save the following code as modules/servers/ipmi/ipmi.php:

    <?php
    //save as [whmcs]/modules/servers/ipmi/ipmi.php
    function ipmi_ClientArea($params) {
        // Output can be returned like this, or defined via a clientarea.tpl ipmi file (see docs for more info)
        $ipmiip = $params['customfields']["ipmiip"];
        $ipmi

---->> Read the full article