Search for hundreds of thousands of exploits

"AMSS++ 4.7 - Backdoor Admin Account"

Author

Exploit author

indoushka

Platform

Exploit platform

php

Release date

Exploit published date

2020-02-24

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
# Title: AMSS++ 4.7 - Backdoor Admin Account
# Author: indoushka
# Date: 2020-02-23
# Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)
# Vendor    : http://amssplus.ubn4.go.th/amssplus_download/amssplus_4_31_install.rar
# Dork      : แนะนำให้ใช้บราวเซอร์ Google Chrome "AMSS++"
====================================================================================================================================

poc :


[+] Dorking İn Google Or Other Search Enggine.

[+] Use Login : admin & 1234

[+] http://127.0.0.1/innoobec/index.php


Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |        
                                                                                                                                      |
=======================================================================================================================================
Release DateTitleTypePlatformAuthor
2020-02-26"PhpIX 2012 Professional - 'id' SQL Injection"webappsphpindoushka
2020-02-24"AMSS++ v 4.31 - 'id' SQL Injection"webappsphpindoushka
2020-02-24"AMSS++ 4.7 - Backdoor Admin Account"webappsphpindoushka
2020-02-20"Easy2Pilot 7 - Cross-Site Request Forgery (Add User)"webappsphpindoushka
2014-05-08"CMS Touch - 'pages.php?Page_ID' SQL Injection"webappsphpindoushka
2014-05-08"CMS Touch - 'news.php?News_ID' SQL Injection"webappsphpindoushka
2014-05-05"PrestaShop - 'getSimilarManufacturer.php?id_manufacturer' SQL Injection"webappsphpindoushka
2014-03-17"OpenSupports 2.0 - Blind SQL Injection"webappsphpindoushka
2013-07-06"phpVibe 3.1 - Information Disclosure / Remote File Inclusion"webappsphpindoushka
2012-06-19"AdaptCMS 2.0.2 - 'index.php' Script Cross-Site Scripting"webappsphpindoushka
2012-04-17"Joomla! Component JA T3 Framework - Directory Traversal"webappsphpindoushka
2012-02-13"Powie pFile 1.02 - '/pfile/file.php?id' SQL Injection"webappsphpindoushka
2012-02-13"Powie pFile 1.02 - '/pfile/kommentar.php?filecat' Cross-Site Scripting"webappsphpindoushka
2012-02-11"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_time.php?base_path' Remote File Inclusion"webappsphpindoushka
2012-02-11"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_qry_common.php?base_path' Remote File Inclusion"webappsphpindoushka
2012-02-11"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_common.php?base_path' Remote File Inclusion"webappsphpindoushka
2012-02-11"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_iplink.php?base_path' Remote File Inclusion"webappsphpindoushka
2012-02-11"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_class.php?base_path' Remote File Inclusion"webappsphpindoushka
2012-02-11"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_ag_main.php?base_path' Remote File Inclusion"webappsphpindoushka
2012-02-11"Basic Analysis and Security Engine (BASE) 1.4.5 - 'index.php?base_path' Remote File Inclusion"webappsphpindoushka
2012-02-11"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_uaddr.php?base_path' Remote File Inclusion"webappsphpindoushka
2012-02-11"Basic Analysis and Security Engine (BASE) 1.4.5 - '/admin/base_useradmin.php?base_path' Remote File Inclusion"webappsphpindoushka
2012-02-11"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_sensor.php?base_path' Remote File Inclusion"webappsphpindoushka
2012-02-11"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_ag_main.php' Crafted Arbitrary File Upload / Arbitrary Code Execution"webappsphpindoushka
2012-02-11"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_alerts.php?base_path' Remote File Inclusion"webappsphpindoushka
2012-02-11"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_ipaddr.php?base_path' Remote File Inclusion"webappsphpindoushka
2012-02-11"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_user.php?base_path' Remote File Inclusion"webappsphpindoushka
2012-02-11"Basic Analysis and Security Engine (BASE) 1.4.5 - '/admin/index.php?base_path' Remote File Inclusion"webappsphpindoushka
2012-02-11"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_ports.php?base_path' Remote File Inclusion"webappsphpindoushka
2012-02-11"Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_qry_alert.php?base_path' Remote File Inclusion"webappsphpindoushka
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/48114/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.