Populum 2.3 - SQL Injection

EDB-ID:

11126

CVE:

N/A




Platform:

PHP

Date:

2010-01-13


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

# Exploit Title: Populum SQL injection vulnerability
# Author: -[SiLeNtp0is0n]-
# Version: 2.3

::::::::::::::ProUd to Be InDiaN::::::::::::::

~AuthoR : -[SiLeNtp0is0n]-
~Vuln. App : Populum version 2.3
~App Detail : Content management software for hybrid blog/media/commerce communities
~VuLneraBiLity : SQL injection
~DoRk : "Powered by Populum"
~My HoMe : www.andhrahackers.com
~gReetZ : Mr.XXXX ShRushe tRif0Rce h3LLb0y bRonRiC
~SpL gReetZ : TeamICW

:::::::::::::::::::::::::::::::::::::::::::::::

Vulnerable :

127.0.0.1/populum/diarypage.php?did=[SQL injection]
127.0.0.1/populum/link.php?id=[SQL injection]