Text :  


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\
0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit
0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ###################################### 1
0 Sweet Algerien Haxzor
1 ######################################
Exploit Title: FCMS_2.3 SQL injection
Date: 26/08/2010
Author: Sweet
Contact : charif38@hotmail.fr
Software Link: www.familycms.com/
Download: www.familycms.com/downloads/
Version: 2.3
Tested on: WinXp sp3
Risk :hight
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

SQL injection

a single quote on the POST parametre user is enought to make an anomaly on
the database


http://www.example.com/FCMS_2.3/

screenshot: http://img825.imageshack.us/img825/9276/sanstitrent.jpg

thx to Milw0rm.com , JF - Hamst0r - Keystroke , inj3ct0r.com ,
exploit-db.com

Saha Ftourkoum et 1,2,3 viva L'Algerie :))

  References :  

None