IDK if this is good, but if it is, then fail. WHMCS 4.3.1, most recent. Was testing my website on a lazy afternoon with w3af and this is what it found: /whmcs/cart.php?a=add&pid=1", using HTTP method POST. The sent post-data was: "...tld[2]=1' or BENCHMARK(2500000,MD5(1)) or '1'='1...". This vulnerability was found in the request with id 3242.
Blind SQL injection. My knowledge isn't too great when it comes to SQL. I haven't seen it anywhere yet, so you could maybe get a shell on burst.net and have the most powerful shell in the world and spread it on 1000 dedis on their network.
Is that the newest version? As that's pretty serious, BSQLi is a pretty easy attack to learn and definitely serious.
Yes it is, and they work as far as I'm concerned, since I got emails from w3af and that was my admin email. That means it's capable of jacking all the emails on it and maybe more. Their staff doesn't do anything. I told them I found a blind SQL vul and they said it's a false positive...
I can do some simple SQL injection but I don't understand all the data that it gives me when a vul is found. I found 8 SQL vul and the scan wasn't over.
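Added example, not part of any post in this thread and not WHMCS or w3af code: a log-side check that flags the time-delay probe quoted in the scanner report above in form-encoded POST bodies, so an operator can see which parameters a scan touched and review how they reach the database. It generalizes from `BENCHMARK` to the equivalent delay functions of other databases; the function names and sample bodies are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Delay primitives seen in time-based blind SQLi probes (MySQL, MSSQL, PostgreSQL).
DELAY_PATTERNS = {
    "BENCHMARK": re.compile(r"\bbenchmark\s*\(", re.I),
    "SLEEP": re.compile(r"\bsleep\s*\(", re.I),
    "WAITFOR DELAY": re.compile(r"\bwaitfor\s+delay\b", re.I),
    "PG_SLEEP": re.compile(r"\bpg_sleep\s*\(", re.I),
}

def normalize(value, max_rounds=3):
    """Undo nested URL-encoding so a doubly encoded value is inspected in clear text."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_delay_probes(post_body):
    """Return sorted (parameter, primitive) pairs for one form-encoded POST body."""
    hits = set()
    for name, value in parse_qsl(post_body, keep_blank_values=True):
        text = normalize(value)
        for label, pattern in DELAY_PATTERNS.items():
            if pattern.search(text):
                hits.add((name, label))
    return sorted(hits)

# Constructed sample bodies. The first carries the payload quoted in the scanner
# report, the second is an ordinary order, the third is the same payload encoded twice.
SAMPLES = [
    "a=add&pid=1&tld%5B2%5D=1%27+or+BENCHMARK%282500000%2CMD5%281%29%29+or+%271%27%3D%271",
    "a=add&pid=1&tld%5B2%5D=.com",
    "a=add&pid=1&tld%5B2%5D=1%2527%2520or%2520BENCHMARK%25282500000%252CMD5%25281"
    "%2529%2529%2520or%2520%25271%2527%253D%25271",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(find_delay_probes(body) or "clean", "<-", body[:50])
```

A hit only shows that a probe was sent to that parameter; whether the parameter is actually injectable has to be settled by checking that the query behind it uses bound parameters.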