exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

phpCoin.txt

phpCoin.txt
Posted Apr 2, 2005
Authored by James Bercegay | Site gulftech.org

There is a file inclusion and three SQL injection vulnerabilities in phpCoin versions 1.2.1b and below.

tags | exploit, vulnerability, sql injection, file inclusion
SHA-256 | d6579531282b1a8088e4d5550da01401eba64f0a8ff0d86e00542107fdeb91a9

phpCoin.txt

Change Mirror Download
##########################################################
# GulfTech Security Research March 28th, 2005
##########################################################
# Vendor : COINSoft Technologies Inc.
# URL : http://www.phpcoin.com/
# Version : phpCoin v1.2.1b && Earlier
# Risk : Multiple Vulnerabilities
##########################################################



Description:
phpCoin is a free software package originally designed for
web-hosting resellers to handle clients, orders, invoices,
notes and helpdesk. phpCoin versions 1.2.1b and earlier are
prone to multiple vulnerabilities such as File Inclusion and
SQL Injection.



SQL Injection:
There are three SQL Injection vulnerabilities in
phpCoin v1.2.1b and earlier. Two of the issues are not very
easy to exploit, but one (in the search engine) is very useful.
The SQL Injection issue in the search engine is pretty straight
forward, as entering the query of your choice after breaking out
of single quotes in the search term/keywords field. The other
two SQL Injection issues take place when ordering a product, and
when requesting a forgotten password. When requesting a forgotten
password, neither the username or email fields are safe from SQL
Injection. Also, when ordering a new package you can put an allowed
domain name such as test.ca followed by sql as long as you break
out of the single quotes. It should be noted that these issues
probably will not present themselves if magic_quotes_gpc is on.



File Include Vulnerability:
There is a local file include vulnerability in auxpage.php when
calling the 'page' parameter

http://phpcoin/auxpage.php?page=../../../some/other/file

Using a similar example as above an attacker could traverse out
of the directory and include arbitrary files to be read or executed.



Solution:
The guys at phpCoin worked very quickly to get a fix out, and a fix
has been available for a while now. Upgrade your vulnerable version.



Related Info:
The original advisory can be found at the following location
http://www.gulftech.org/?node=research&article_id=00065-03292005



Credits:
James Bercegay of the GulfTech Security Research Team

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.308 / Virus Database: 266.8.3 - Release Date: 3/25/2005


Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close