Hloun Support Management System 3.0 SQL Injection / Bypass

fixhashuser$COOKIE'onlineadmin'; $userquery = "SELECT FROM member WHERE username='".$memberhash'username'."' AND password='".$memberhash'password'."'"; $member = $hloun-db-fetcharray$userquery; $groupquery = "SELECT FROM group WHERE id='".$member'group'."'"; $group =...