# Date: 17/03/2010
# Software Link: http://sourceforge.net/projects/pn-formexpress/
# Version: 0.3.2

####################################################################
PostNuke ContentExpress Module Blind SQL Injection
Reported by Sharif University of Technology CSIRT
Vulnerability Analysis and Penetration Testing Group
cert.sharif.edu , nsc.sharif.edu
####################################################################

===[ POC ]===

The vulnerability occurs in the form_id parameter of the FormExpress component in PostNuke:

/index.php?module=FormExpress&func=display_form&form_id=1'

An attacker could read the contents of the database via blind SQL injection methods (like ascii(substring)).

####################################################################
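
Added example, not part of the original advisory or of the FormExpress code: a log check that flags display_form requests to the FormExpress module whose form_id is anything other than a plain integer, which is what the probe above looks like in an access log. The log lines are constructed, and the combined log format, the helper names and the case-insensitive module match are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (documentation IP range), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [17/Mar/2010:10:00:01 +0000] "GET /index.php?module=FormExpress&func=display_form&form_id=1 HTTP/1.1" 200 5120
192.0.2.44 - - [17/Mar/2010:10:00:07 +0000] "GET /index.php?module=FormExpress&func=display_form&form_id=1' HTTP/1.1" 200 312
192.0.2.44 - - [17/Mar/2010:10:00:09 +0000] "GET /index.php?module=formexpress&func=display_form&form_id=1%27 HTTP/1.1" 200 312
192.0.2.10 - - [17/Mar/2010:10:00:12 +0000] "GET /index.php?module=News&func=view&form_id=abc HTTP/1.1" 200 900
192.0.2.51 - - [17/Mar/2010:10:00:15 +0000] "GET /index.php?module=FormExpress&func=display_form&form_id=2&form_id=x HTTP/1.1" 200 312
"""

# Client address and request target from a common/combined log format line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def is_plain_integer(value):
    # A form id should be a short run of ASCII digits and nothing else.
    return re.fullmatch(r"[0-9]{1,10}", value) is not None


def suspicious_requests(log_text):
    """Return (client, target) for FormExpress requests with a non-integer form_id."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qs percent-decodes values, so 1%27 and 1' are treated alike;
        # keep_blank_values makes an empty form_id count as non-integer.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        # Assumption: compare the module name case-insensitively to be conservative.
        if "formexpress" not in [v.lower() for v in params.get("module", [])]:
            continue
        # Check every occurrence, since a repeated form_id can hide a bad value.
        if any(not is_plain_integer(v) for v in params.get("form_id", [])):
            hits.append((client, target))
    return hits


if __name__ == "__main__":
    for client, target in suspicious_requests(SAMPLE_LOG):
        print(client, target)
```

Only query-string parameters are visible in an access log; a form_id submitted in a POST body needs the same integer check at the application or WAF layer.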