Source: 自学PHP网  Date: 2015-04-17 13:03
Title: PicoPublisher v2.0 Remote SQL injection
Author: ZeTH www.2cto.com zeth/at/hacktheplan8/dot/com
Developer: Pico Software http://pico.no/
Affected version: 2.0
Price: $29,00
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

--[1]-- Introduction

PicoPublisher business software
PicoPublisher is a product from Pico Software

[Manage your website]
PicoPublisher makes it easy to manage your website. With the built in templates you can add columns, slideshows, tabs, boxes and videos directly from the text editor.

[Manage your customers]
CRM systems are often too expensive for small businesses. With PicoPublisher you can manage your customers just as easy as your website. And at the same place!

[Create invoices]
Create professional PDF invoices in seconds. Add products to the database and insert products to the invoice directly. You will get notifications when invoices are overdue.

--[2]-- Vulnerability description

Affected pages:
[+] page.php
[+] single.php

Attack method: Remote SQL injection

POC:
[+] http://www.2cto.com /page.php?id=SQLi
[+] http://www.2cto.com /single.php?id=SQLi

Tables:
+-------------------+
| customers         |
| expenses          |
| gallery_category  |
| gallery_photos    |
| invoice_reminders |
| invoices          |
| invoices_product  |
| menu_items        |
| menus             |
| notes             |
| options           |
| orders            |
| orders_product    |
| pages             |
| pico_comments     |
| pico_config       |
| pico_karma_voted  |
| posts             |
| product_list      |
| users             |
+-------------------+

--[3]-- Fix: strengthen input filtering on the pages listed above