
PostNuke FormExpress Module - Blind SQL Injection

Author: Ali Abbasi
type: webapps
platform: php
port: 
date_added: 2010-03-16 
date_updated:  
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comFormExpress-0.3.2.tar.gz

# Date: 17/03/2010
# Software Link: http://sourceforge.net/projects/pn-formexpress/
# Version: 0.3.2
####################################################################
PostNuke ContentExpress Module Blind SQL Injection
Reported by Sharif University of Technology CSIRT
Vulnerability Analysis and Penetration Testing Group
cert.sharif.edu, nsc.sharif.edu
####################################################################

===[ POC ]===
The vulnerability is in the form_id parameter of the FormExpress component in PostNuke:
/index.php?module=FormExpress&func=display_form&form_id=1'
An attacker could read the contents of the database using blind SQL injection techniques (such as ascii(substring)).
####################################################################

-----
Ali Abbasi
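
A detection check for the issue described above, added here as an example and not part of the original advisory: it scans web access log lines for FormExpress requests whose form_id is not a plain decimal integer, such as the quoted value in the PoC URL. The combined log format, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_form_ids(log_lines):
    """Return (line_number, form_id) for every FormExpress request whose
    form_id is not a plain decimal integer."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        # parse_qs percent-decodes values, so %27 is seen as a literal quote.
        query = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
        if "FormExpress" not in query.get("module", []):
            continue
        for value in query.get("form_id", []):
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((lineno, value))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Mar/2010:10:00:01 +0000] "GET /index.php?module=FormExpress&func=display_form&form_id=1 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [17/Mar/2010:10:00:07 +0000] "GET /index.php?module=FormExpress&func=display_form&form_id=1%27 HTTP/1.1" 200 312',
    '192.0.2.10 - - [17/Mar/2010:10:00:09 +0000] "GET /index.php?module=News&func=view&sid=7 HTTP/1.1" 200 8841',
    '192.0.2.44 - - [17/Mar/2010:10:00:12 +0000] "GET /index.php?module=FormExpress&func=display_form&form_id= HTTP/1.1" 200 312',
]

if __name__ == "__main__":
    for lineno, value in suspicious_form_ids(SAMPLE_LOG):
        print(f"line {lineno}: non-integer form_id {value!r}")
```

The same integer-only rule applies on the server side: rejecting any form_id that is not a decimal integer before it reaches a query removes the injection point the advisory describes.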