PicoPublisher 2.0 SQL Injection

2012-03-29 / 2012-11-22
Credit: ZeTH
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

# Exploit Title : PicoPublisher v2.0 Remote SQL injection # Date : 29/03/2012 # Author : ZeTH # Contact : zeth/at/hacktheplan8/dot/com http://www.hacktheplan8.com # Vendor : Pico Software # Site : http://pico.no/ # Version : 2.0 # Price : $29,00 # Demo : http://picopublisher.com/demo/ # Dork : intext:"Drives med PicoPublisher" ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: --[1]-- Introduction PicoPublisher business software PicoPublisher is a product from Pico Software [Manage your website] PicoPublisher makes it easy to manage your website. With the built in templates you can add columns, slideshows, tabs, boxes and videos directly from the text editor. [Manage your customers] CRM systems are often too expensive for small businesses. With PicoPublisher you can manage your customers just as easy as your website. And at the same place! [Create invoices] Create professional PDF invoices in seconds. Add products to the database and insert products to the invoice directly. You will get notifications when invoices are overdue. --[2]-- Vulnerability Files : [+] page.php [+] single.php Attack Method : Remote SQL injection POC : [+] http://site/page.php?id=SQLi [+] http://site/single.php?id=SQLi Tables : +-------------------+ | customers | expenses | gallery_category | gallery_photos | invoice_reminders | invoices | invoices_product | menu_items | menus | notes | options | orders | orders_product | pages | pico_comments | pico_config | pico_karma_voted | posts | product_list | users +-------------------+ --[3]-- Greetz hacktheplan8 [hellcome to new friends kasp3r, Pitung] MainHack Brotherhood, Kecoak Elektronik, Echo packetstormsecurity, exploit-db, 1337day Paman, Vrs-hCk, OoN_BoY, em|nem, [S]hiro, Martin, xshadow, ElDiablo, Furkan, pizzyroot, H312Y

References:

http://www.hacktheplan8.com


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top