PHP and Website Security ProjectX

Sneak Preview of The New ProjectX WHMCS Exploiter Tool in VB.Net

Windows WHMCS Exploiter

After the release of the [PHP]ProjectX WHMCS Exploit Tool, one of our members decided to rewrite it in VB.Net and add a simple GUI. The tool is still under development, and its developer, jhael, is still adding more payloads to it. As of now it has only one payload, which is ‘cart.php?a=projectx&templatefile=../../../configuration.php%00’

The tool is meant to be distributed freely to Windows users and to people who don’t know how to use a PHP script or host a file on a hosting site. So tune in, guys, and visit our blog from time to time to stay updated on our latest developments and news about Information Security.


* In .EXE Format
* 1 Payload Script
* Gets the db_username and db_password
* More features to be added
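
For defenders, requests shaped like the single payload quoted above can be hunted for in web server access logs. The following is an added example, not part of the original post or of the ProjectX tool; the log lines are constructed samples and the function names are hypothetical.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2012:10:00:00 +0000] "GET /whmcs/cart.php?a=add&pid=3 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2012:10:00:07 +0000] "GET /whmcs/cart.php?a=projectx&templatefile=../../../configuration.php%00 HTTP/1.1" 200 812
203.0.113.9 - - [01/Jan/2012:10:00:09 +0000] "GET /cart.php?a=x&templatefile=%252e%252e%252fconfiguration.php HTTP/1.1" 200 790
198.51.100.2 - - [01/Jan/2012:10:01:00 +0000] "GET /whmcs/cart.php?a=view&templatefile=viewcart HTTP/1.1" 200 4300
"""
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double encoding (%252e) is normalised."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def suspicious_templatefile(url):
    """Return the decoded templatefile value if it has a '..' segment or a NUL byte."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("cart.php"):
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() != "templatefile":
            continue
        value = fully_decode(value)  # parse_qsl has already decoded once
        segments = value.replace("\\", "/").split("/")
        if "\x00" in value or ".." in segments:
            return value
    return None

def scan(log_text):
    """Return (client_ip, status, decoded_value) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if m:
            ip, url, status = m.groups()
            value = suspicious_templatefile(url)
            if value is not None:
                hits.append((ip, int(status), value))
    return hits

if __name__ == "__main__":
    for ip, status, value in scan(SAMPLE_LOG):
        print(f"{ip} status={status} templatefile={value!r}")
```

Because the tool retrieves db_username and db_password, a hit whose response served the configuration file means those database credentials should be treated as exposed and rotated.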

Related Articles:

ProjectX WHMCS Exploit Tool

The Growing Attacks of WHMCS Local File Disclosure Vulnerability


  1. i don’t know why i ended up on this page after googling for information technology, but whoever wrote this article, he or she must have lost it completely. i’m a Fraud & Information Security Advisor in France and i’m telling you this article is NOT about ‘information security’, this is black-hat hacking and an encouragement to others to become one. you’re lucky the authorities in your country haven’t got into this yet. if you really mean “SECURITY” focus on the solution pal, NOT on the problem! i’ll keep in touch on this site, hopefully there’d be some improvement.

    (please take this comment as a constructive criticism; if this comment has been disapproved then i was right)

    1. Author

      Hello Ludovice,

      That’s good to hear that you care about us. However we also find ways to fix the solution pal. The aim of our tool is to check the vulnerability of WHMCS, it’s an exploiter tool but at the same time a pentesting tool. Check our other articles and this article about the solution to the problem of WHMCS Local File Disclosure:

      The aim of this blog is to promote security awareness and how attacks are done. We do apologize for the inconvenience if you find us as blackhats but please do look on our other articles.

      Also I think it would totally be wrong to call a person a blackhat if he develops a tool that checks the vulnerability of a certain website or any exploit tools. Take for example Backtrack-Linux OS and Aircrack-ng Suite, these tools are good auditing tools. The best way to secure the network is also to try to attack it. Correct me if I am wrong since we also make mistakes.

  2. yes, i’ve read your other articles that’s why i made the comment. please don’t get me wrong my friend but if you could only see your articles the way WE see it here, then you’ll know what i mean. i think you should re-read your articles first, or have other people read it for you and ask them for feedback. these things are dangerous enough if it falls to the wrong hands. just like what i said: the focus should be on solution. please, don’t sensationalize the exploit part.

    just a friendly advice, here’s how we see it from here (based on this one article, as well as the others):
    TITLE: ‘…The New ProjectX WHMCS Exploiter Tool’ (if you were really focusing on the solution, this could be something like, ProjectX’s WHMCS Vulnerability Checker, not a tool for exploiting)
    CONTENTS: one of my colleagues responded after reading your articles, “i could get rich! now i can have all their credit card numbers since i would be able to access the database server” (i don’t think that denotes a solution)
    TAGS: this is worst! “Hacking Programs,” “ProjectX Dark Coding,” “Vulnerability Exploiter”

    There’s an old saying, ‘it doesn’t matter what you do, it’s HOW you do it’ and ‘it doesn’t matter what you say, it’s HOW you say it’

    Good luck with it! and my friend rasic here would like to say, ‘good luck with the feds!’

