AMSS++ v 4.31 - 'id' SQL Injection

vendor:

AMSS++

by:

indoushka

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: AMSS++

Affected Version From: 4.31

Affected Version To: 4.31

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows 10 (Pro) with Mozilla Firefox 65.0 (32-bit)

AMSS++ v 4.31 – ‘id’ SQL Injection

The AMSS++ v 4.31 application is vulnerable to SQL Injection. An attacker can exploit the 'id' parameter in the maildetail.php file to inject malicious SQL queries.

Mitigation:

The vendor has not provided a patch or mitigation for this vulnerability. It is recommended to avoid using this software until a fix is available.

Source

Exploit-DB raw data:

# Title : AMSS++ v 4.31 - 'id' SQL Injection
# Author : indoushka
# Tested on: windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit) 
# Vendor: http://amssplus.ubn4.go.th/amssplus_download/amssplus_4_31_install.rar  
# Dork: แนะนำให้ใช้บราวเซอร์ Google Chrome "AMSS++"
# CVE: N/A

# poc :

[+] Dorking İn Google Or Other Search Enggine.

[+] Use payload : /modules/mail/main/maildetail.php?id=174

[+] http://127.0.0.1/amssplus_4_31_install/amssplus/modules/mail/main/maildetail.php?id=1 <==== inject here


Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |        
                                                                                                                                      |
=======================================================================================================================================