PicoPublisher v2.0 Remote SQL injection

vendor:

PicoPublisher

by:

ZeTH

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: PicoPublisher

Affected Version From: 2.0

Affected Version To: 2.0

Patch Exists: YES

Related CWE: N/A

CPE: a:pico_software:pico_publisher

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2012

PicoPublisher v2.0 Remote SQL injection

PicoPublisher is a product from Pico Software which makes it easy to manage websites. It is vulnerable to a Remote SQL injection attack which can be exploited by sending malicious SQL queries to the vulnerable parameters 'page.php?id=SQLi' and 'single.php?id=SQLi'. This can allow an attacker to gain access to the database and view sensitive information such as customer details, invoices, orders, etc.

Mitigation:

Input validation should be used to prevent malicious SQL queries from being executed. Additionally, the application should be kept up to date with the latest security patches.

Source

Exploit-DB raw data:

# Exploit Title : PicoPublisher v2.0 Remote SQL injection
# Date : 29/03/2012
# Author : ZeTH
# Contact : zeth/at/hacktheplan8/dot/com http://www.hacktheplan8.com
# Vendor : Pico Software 
# Site : http://pico.no/
# Version : 2.0
# Price : $29,00
# Dork : intext:"Drives med PicoPublisher"
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
--[1]-- Introduction
PicoPublisher business software
PicoPublisher is a product from Pico Software

[Manage your website]

PicoPublisher makes it easy to manage your website. With the built in 
templates you can add columns, slideshows, tabs, boxes and videos 
directly from the text editor.

[Manage your customers]

CRM systems are often too expensive for small businesses. With 
PicoPublisher you can manage your customers just as easy as your 
website. And at the same place!

[Create invoices]

Create professional PDF invoices in seconds. Add products to the 
database and insert products to the invoice directly. You will get
notifications when invoices are overdue.


--[2]-- Vulnerability
Files :
[+] page.php
[+] single.php

Attack Method : Remote SQL injection

POC :
[+] http://site/page.php?id=SQLi
[+] http://site/single.php?id=SQLi

Tables :

+-------------------+
| customers
| expenses
| gallery_category
| gallery_photos
| invoice_reminders
| invoices
| invoices_product
| menu_items
| menus
| notes
| options
| orders
| orders_product
| pages
| pico_comments
| pico_config
| pico_karma_voted
| posts
| product_list
| users
+-------------------+

--[3]-- Greetz
hacktheplan8 [hellcome to new friends kasp3r, Pitung]
MainHack Brotherhood, Kecoak Elektronik, Echo
packetstormsecurity, exploit-db, 1337day
Paman, Vrs-hCk, OoN_BoY, em|nem, [S]hiro, Martin, xshadow, ElDiablo, 
Furkan, pizzyroot, H312Y