Search | Research | Contact Us Wednesday December 21, 2021
Languages
Most Viewed Items
  1 PHPXMLRPC Library Remote Code Execution
  2 Multiple Invision Power Board Vulnerabilities
  3 eBay And Amazon Still Vulnerable
  4 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities
  5 Woltlab Burning Board SQL Injection Vulnerability
  6 When Small Mistakes Can Cause Big Problems
  7 Multiple Vulnerabilities In phpWebsite
  8 Critical Vulnerability In Help Center Live
  9 dbPowerAmp Buffer Overflow And DoS Vulnerabilities
10 Document Object Model Hijacking Explained
Need Secure Code?
Quick Search
You can use the form below to search our site. Just enter the keywords to search.
Home Services Archives Research Downloads Contact
phpCoin Multiple Vulnerabilities
March 29, 2022
Vendor : COINSoft Technologies Inc.
URL : http://www.phpcoin.com/
Version : phpCoin v1.2.1b && Earlier
Risk : Multiple Vulnerabilities


Description:
phpCoin is a free software package originally designed for web-hosting resellers to handle clients, orders, invoices, notes and helpdesk. phpCoin versions 1.2.1b and earlier are prone to multiple vulnerabilities such as SQL Injection and File Inclusion vulnerabilities. A new version has been released, and users should upgrade as soon as possible.


File Include Vulnerability:
There is a local file include vulnerability in auxpage.php when calling the 'page' parameter

http://phpcoin/auxpage.php?page=../../../some/other/file

Using a similar example as above an attacker could traverse out of the directory and include arbitrary files to be read or executed.


SQL Injection Vulnerability:
There are three SQL Injection vulnerabilities in phpCoin v1.2.1b and earlier. Two of the issues are not very easy to exploit, but one (in the search engine) is very useful. The SQL Injection issue in the search engine is pretty straight forward, as entering the query of your choice after breaking out of single quotes in the search term/keywords field. The other two SQL Injection issues take place when ordering a product, and when requesting a forgotten password. When requesting a forgotten password, neither the username or email fields are safe from SQL Injection. Also, when ordering a new package you can put an allowed domain name such as test.ca followed by sql as long as you break out of the single quotes. It should be noted that these issues probably will not present themselves if magic_quotes_gpc is on.


Solution:
The guys at phpCoin worked very quickly to get a fix out, and a fix has been available for a while now. Upgrade your vulnerable version.


Credits:
James Bercegay of the GulfTech Security Research Team