Populum 2.3 – SQL Injection

Exploit Database
6 阅读

作者： SiLeNtp0is0n

日期： 2010-01-13
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11126/

# Exploit Title: Populum SQL injection vulnerability
# Author: -[SiLeNtp0is0n]-
# Version: 2.3

::::::::::::::ProUd to Be InDiaN::::::::::::::

~AuthoR : -[SiLeNtp0is0n]-
~Vuln. App : Populum version 2.3
~App Detail : Content management software for hybrid blog/media/commerce communities
~VuLneraBiLity : SQL injection
~DoRk : "Powered by Populum"
~My HoMe : www.andhrahackers.com
~gReetZ : Mr.XXXX ShRushe tRif0Rce h3LLb0y bRonRiC
~SpL gReetZ : TeamICW

:::::::::::::::::::::::::::::::::::::::::::::::

Vulnerable :

127.0.0.1/populum/diarypage.php?did=[SQL injection]
127.0.0.1/populum/link.php?id=[SQL injection]

last Exploits
Populum 2.3 – SQL Injection的更多信息

Mitel AWC – Command Execution：
Alienvault Open Source SIEM (OSSIM) – ‘Timestamp’ Directory Traversal：
WordPress Plugin ThreeWP Email Reflector 1.13 – Persistent Cross-Site Scripting：
jbShop e107 7 CMS Plugin – SQL Injection：
2Moons 1.4 – Multiple Remote File Inclusions：
TextPattern CMS 4.8.7 – Remote Command Execution (RCE) (Authenticated)：
MobileShop master v1.0 – SQL Injection Vuln.：
Joomla! Component Property – Local File Inclusion：