SecurityTracker.com Archives - phpCOIN Lets Remote Users Inject SQL Commands and Execute Arbitrary Files on the Target System

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us | Help |

SecurityTracker
Archives

Welcome to SecurityTracker!

Click to Sign Up

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Sign Up!

Category: Application (Generic) > phpCOIN

Vendors: phpcoin.com

phpCOIN Lets Remote Users Inject SQL Commands and Execute Arbitrary Files on the Target System

SecurityTracker Alert ID: 1013592

SecurityTracker URL: http://securitytracker.com/id?1013592

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Mar 29 2005

Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network

Fix Available: Yes Exploit Included: Yes Vendor Confirmed: Yes

Advisory: GulfTech Security Research Team

Version(s): 1.2.1b and prior versions

Description: Some vulnerabilities were reported in phpCOIN. A remote user can execute arbitrary files located on the target system. A remote user can also inject SQL commands.

The 'auxpage.php' script does not properly validate the user-supplied 'page' parameter. A remote user can supply a specially crafted value containing '../' directory traversal characters to view or execute files that exist on the target server.

A demonstration exploit URL is provided:

http://[target]/phpcoin/auxpage.php?page=../../../some/other/file

The software does not properly validate user-supplied input in the search engine query, the username and email fields when requesting a forgotten password, and in the domain name filed when ordering a product. A remote user can supply specially crafted values to execute SQL commands on the underlying database. This may require that 'magic_quotes_gpc' be turned off.

James Bercegay of the GulfTech Security Research Team reported this vulnerability.

Impact: A remote user can view or potentially execute files that exist on the target system.

A remote user can execute SQL commands on the underlying database.

Solution: The vendor has issued a fixed version (1.2.2), available at:

http://www.phpcoin.com/auxpage.php?page=download

Vendor URL: www.phpcoin.com/ (Links to External Site)

Cause: Input validation error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Message History: None.

Source Message Contents

 

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2005, SecurityGlobal.net LLC