
| Subject: | Multiple phpCoin Vulnerabilities |
|---|---|
| Date: | Tue, 29 Mar 2005 06:21:24 -0600 |
##########################################################
# GulfTech Security Research           March 28th, 2005
##########################################################
# Vendor  : COINSoft Technologies Inc.
# URL     : http://www.phpcoin.com/
# Version : phpCoin v1.2.1b && Earlier
# Risk    : Multiple Vulnerabilities
##########################################################

Description:

phpCoin is a free software package originally designed for web-hosting resellers to handle clients, orders, invoices, notes and helpdesk. phpCoin versions 1.2.1b and earlier are prone to multiple vulnerabilities such as File Inclusion and SQL Injection.

SQL Injection:

There are three SQL Injection vulnerabilities in phpCoin v1.2.1b and earlier. Two of the issues are not very easy to exploit, but one (in the search engine) is very useful. The SQL Injection issue in the search engine is pretty straightforward: it amounts to entering the query of your choice after breaking out of single quotes in the search term/keywords field. The other two SQL Injection issues take place when ordering a product, and when requesting a forgotten password. When requesting a forgotten password, neither the username nor the email field is safe from SQL Injection. Also, when ordering a new package you can put an allowed domain name such as test.ca followed by SQL, as long as you break out of the single quotes. It should be noted that these issues probably will not present themselves if magic_quotes_gpc is on.

File Include Vulnerability:

There is a local file include vulnerability in auxpage.php when calling the 'page' parameter:

http://phpcoin/auxpage.php?page=../../../some/other/file

Using a similar example as above, an attacker could traverse out of the directory and include arbitrary files to be read or executed.

Solution:

The guys at phpCoin worked very quickly to get a fix out, and a fix has been available for a while now. Upgrade your vulnerable version.

Related Info:

The original advisory can be found at the following location:
http://www.gulftech.org/?node=research&article_id=00065-03292005

Credits:

James Bercegay of the GulfTech Security Research Team
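
For sites reviewing web server logs for the auxpage.php file include issue described above, the following is an added detection example, not part of the original advisory and not phpCoin code. The log lines are constructed samples in common access-log format, and the function names are hypothetical; it flags `page` values that climb out of their directory, including percent-encoded and double-encoded forms.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [29/Mar/2005:06:30:01 -0600] "GET /auxpage.php?page=about HTTP/1.1" 200 5120
192.0.2.11 - - [29/Mar/2005:06:31:12 -0600] "GET /auxpage.php?page=../../../some/other/file HTTP/1.1" 200 812
192.0.2.12 - - [29/Mar/2005:06:31:40 -0600] "GET /auxpage.php?page=%2e%2e%2fconfig HTTP/1.1" 200 64
192.0.2.13 - - [29/Mar/2005:06:32:05 -0600] "GET /auxpage.php?page=%252e%252e%255cconfig HTTP/1.1" 404 0
192.0.2.14 - - [29/Mar/2005:06:33:00 -0600] "GET /index.php?page=../x HTTP/1.1" 200 10
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def normalize(value, max_rounds=3):
    """Undo repeated percent-encoding and unify path separators to '/'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def is_suspicious(page):
    """True if the normalized value climbs out of its directory or is absolute."""
    return "\x00" in page or page.startswith("/") or ".." in page.split("/")


def find_traversal_requests(log_text):
    """Return (client, normalized page value) for suspicious auxpage.php requests."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/auxpage.php"):
            continue
        # parse_qs already decodes once; normalize() handles further encoding layers.
        for raw in parse_qs(url.query, keep_blank_values=True).get("page", []):
            page = normalize(raw)
            if is_suspicious(page):
                hits.append((line.split()[0], page))
    return hits


if __name__ == "__main__":
    for client, page in find_traversal_requests(SAMPLE_LOG):
        print(client, page)
```

A 200 response to a flagged request on an unpatched install is the case to investigate first; the 404 on the double-encoded sample shows an attempt that did not resolve.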