[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

phpCOIN-1.2.2-Full-2005 SQL Injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: phpCOIN-1.2.2-Full-2005 SQL Injection
From: stranger-killer@xxxxxxxxxxx
Date: 16 Dec 2005 05:41:00 -0000

This bug can't exploited cuz the sql injection is after [ ORDER BY ]
and then we can't do UNION SELECT with MySQL Server
if the Server is MS-SQL try to do this

0,0;[ New SQL Query ]

//------------//

File Name :- \coin_modules\articels\articles_funcs.php
Line      :- 187
Var       :- $_rec_next
Fix       :-

Line 184 Add This
$_rec_next = intval($_rec_next);
//-----------//
/home/mod.php?mod=articles&mode=list&rec_next=[SQL]

Prev by Date: [ GLSA 200512-07 ] OpenLDAP, Gauche: RUNPATH issues
Next by Date: ZRCSA-200505: libremail - "pop.c" Format String Vulnerability
Previous by thread: [ GLSA 200512-07 ] OpenLDAP, Gauche: RUNPATH issues
Next by thread: ZRCSA-200505: libremail - "pop.c" Format String Vulnerability
Index(es):
- Date
- Thread