Main Menu
Network
Sponsor
Top 10 Sites
Partners
|
|
Top Submit newsSubscribe 
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
| Sponsored links | Want to become one of our authors and see your work published on ALLSeek.iNFO ?
| | phpCOIN Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks |
|---|
Categorie: Vulnerability
Posted: 2005-03-02 by ReCall
Views: 424
Source: Click here
| Current Rating: Not rated
|
| | Details |
|---|
Description: Lostmon reported a vulnerability in phpCOIN. A remote user can inject SQL commands and conduct cross-site scripting attacks.
The 'mod.php' and 'login.php' scripts do not properly validate user-supplied input in several variables. Other scripts are also affected.
A remote user can supply specially crafted input to execute SQL commands on the underlying database. Some demonstration exploit URLs are provided:
http://[target]phpcoin/mod.php?mod=siteinfo&id=1'
http://[target]phpcoin/mod.php?mod=faq&mode=show&faq_id=2%20or%201=1
http://[target]phpc oin/mod.php?mod=pages&mode=view&id=25%20or%201=1
http://[target]phpcoin/mod.php?mod=siteinfo&id=4%20or%201=1
A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the phpCOIN software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Some demonstration exploit URLs are provided:
http://[target]phpcoin/mod.php?mod=helpdesk&mode=new
%22%3E%3Cscript%3Edocument.write(document.cooki e)%3C/script%3E
http://[target]phpcoin/mod.php?mod=mail&mode=reset&w=user
%22%3E%3Cscript%3Edocument.write(document.cookie)%3C/script%3E
http://[target]phpcoin/log in.php?w=user&o=login&e=u
%22%3E%3Cscript%3Edocument.write(document.cookie)%3C/script%3E
A remote user can obtain information about the target system with the following type of URL:
http://[target]/phpcoin_directory/phpinfo.php
Lostmon reported this vulnerability. credit:Lostmon reported this vulnerability.
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the phpCOIN software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
A remote user can execute SQL commands on the underlying database.
A remote user can obtain PHP configuration information.
Solution: No solution was available at the time of this entry.
| | Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=1395
| | User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
| Previous articleBack to news listNext article
|
|
|
|
InterJOB.su
|
