PicoPublisher 2.0 - SQL Injection

EDB-ID:

18670


Author:

ZeTH

Type:

webapps


Platform:

PHP

Date:

2012-03-28


# Exploit Title : PicoPublisher v2.0 Remote SQL injection
# Date : 29/03/2012
# Author : ZeTH
# Contact : zeth/at/hacktheplan8/dot/com http://www.hacktheplan8.com
# Vendor : Pico Software 
# Site : http://pico.no/
# Version : 2.0
# Price : $29,00
# Dork : intext:"Drives med PicoPublisher"
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
--[1]-- Introduction
PicoPublisher business software
PicoPublisher is a product from Pico Software

[Manage your website]

PicoPublisher makes it easy to manage your website. With the built in 
templates you can add columns, slideshows, tabs, boxes and videos 
directly from the text editor.

[Manage your customers]

CRM systems are often too expensive for small businesses. With 
PicoPublisher you can manage your customers just as easy as your 
website. And at the same place!

[Create invoices]

Create professional PDF invoices in seconds. Add products to the 
database and insert products to the invoice directly. You will get
notifications when invoices are overdue.


--[2]-- Vulnerability
Files :
[+] page.php
[+] single.php

Attack Method : Remote SQL injection

POC :
[+] http://site/page.php?id=SQLi
[+] http://site/single.php?id=SQLi

Tables :

+-------------------+
| customers
| expenses
| gallery_category
| gallery_photos
| invoice_reminders
| invoices
| invoices_product
| menu_items
| menus
| notes
| options
| orders
| orders_product
| pages
| pico_comments
| pico_config
| pico_karma_voted
| posts
| product_list
| users
+-------------------+

--[3]-- Greetz
hacktheplan8 [hellcome to new friends kasp3r, Pitung]
MainHack Brotherhood, Kecoak Elektronik, Echo
packetstormsecurity, exploit-db, 1337day
Paman, Vrs-hCk, OoN_BoY, em|nem, [S]hiro, Martin, xshadow, ElDiablo, 
Furkan, pizzyroot, H312Y