http://cms.rodadewa.net/index.php?id=1 AND ASCII(SUBSTRING((SELECT admin_username FROM admin WHERE admin_id=1),1,1)) = 115
Where 115 is an ascii value. So obviously you can just go through the list of ascii codes til the page gets displayed. Then you know that letter of the username. Wouldn't take much for me to write a script that will loop through the url for each letter with the ascii values and store the value when the html reads what i expect it too. The same thing could be done for the password. Once you get to 32 characters you have the whole hashed password and if it were a dictionary word then a rainbow table could give me the password.
Rodadewa CMS change its name to Xeraphim CMS
what's new on this version 0.2 :
Minor bug fixes in saving the sub-pages
Auto generation of RSS feeds intended to bring more traffic to your website.
Sidebar management. You now can enable / disable the sidebar, you can switch it to right or left, arrange the order of the sidebar boxes. You can insert codes, images, text (adsense, ads etc) in to your sidebar boxes.
The top menu can now be hide (disable) if you are just going to make a one page website.
thx mgandy, at the moment I let it be free to use, however there is a copyright footer link on the script which can only be remove using unique serial number and it can be bought for just $25 / domain installed. I made this script in about 3-4 weeks in my spare time and frankly it keeps on evolving / updating. feel free to try it out on your server