AMSS++ version 4.2 suffers from a remote SQL injection vulnerability.
a0c471ac6c5acba2071f2f18f384bec9
====================================================================================================================================
| # Title : AMSS++ v 4.2 Sql Injection Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 FranASSais V.(Pro) / browser : Mozilla firefox 65.0(32-bit) |
| # Vendor : http://amssplus.ubn4.go.th/amssplus_download/ |
| # Dork : a1a,a,dega,a,3a1a,<<a1a1a,a1a,a,PSa,2a,SSa1a,a,a,PSa1 Google Chrome "AMSS++" |
====================================================================================================================================
poc :
[+] Dorking Adegn Google Or Other Search Enggine.
[+] Use payload : /modules/mail/main/maildetail.php?id=174
[+] http://127.0.0.1/cri1amss/modules/mail/main/maildetail.php?id=174 <==== inject here
Greetings to :=========================================================================================================================
|
jericho * Larry W. Cashdollar * brutelogic* shadow_00715* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * ViRuS_Ra3cH * yasMouh |
|
=======================================================================================================================================