Postnuke ContentExpress Module SQL Injection

`# Date: 17/03/2010  
# Software Link: http://sourceforge.net/projects/pn-formexpress/  
# Version: 0.3.2  
####################################################################  
PostNuke ContentExpress Module Blind Sql Injection  
Reported by Sharif University of Technology CSIRT  
Vulnerability Analysis and Penetration Testing Group  
cert.sharif.edu , nsc.sharif.edu  
####################################################################  
  
===[ POC ]===  
Vulnerability occurred in form_id parameter of FormExpress Component in Postnuke  
/index.php?module=FormExpress&func=display_form&form_id=1'  
The Attacker could read content of the database via blind sql injection methods (like ascii(substring))  
####################################################################  
`