Website URL: https://www.z-cron.com/

Version: 5.6 Build 04

Description: Z-Cron is a task scheduling software that enables Administrators and Users to schedule tasks on a system. Exploit Details: Z-Cron tasks are shared globally throughout the system, enabling any user to open the software, modify a task (which is classified as Insecure Access Control), and have it executed. If the executable is stored in a publicly accessible location, all logged in users will have the task executed.

Video Demonstrating the Exploit: https://youtu.be/hFFhCZ-4qSw

Steps To Reproduce

37470260c2fbd5d5b03c8537b5a159bd.png

03c1b11f2ee07d9b54f5b15dcad35bfc.png

d2d8711d2cccf08df59b7055073d68fa.png

15fc5b1f42db544fe0490046e765d20b.png Above is a screenshot of the task being executed as well as the log files.

Now we’re going to begin the exploitation portion – An unprivileged user can modify the privileged users task

fb7d70eb2ee2a6f82dd857668ab312e7.png

9aff28195dbeaa0b475558fe1c27f5c8.png

bd15e5c2a05e409c6225dfcba6f20be9.png

e93233d30d4797c0174eecc404168144.png

This should be a lesson about access control and how powerful it is when any user can modify something that a privileged user has created.

Credits:

Thank you to @OptionalCTF (https://twitter.com/optionalctf) for editing the video demonstrating the exploit and @OrielOrielOriel (https://twitter.com/OrielOrielOriel) for confirming my sanity throughout this long-long-long night.