phpCOIN

Security Announcements

Security related public announcements by phpCOIN personnel. This forum can NOT be posted to by the public


Reported Exploits Of phpCOIN v1.6.5 Websites, Full Disclosure
lightman
Posted: October 20, 2010 05:58 pm

We have received a total of 4 reports regarding possible website/server exploits that used phpCOIN v1.6.5 as an attack vector.

Access logs supplied show calls including 'POST /mod.php?mod=siteinfo'.

We are giving this the highest priority.

Our thanks to all the users who bothered to write in and give us details.


--------------------
***** Unless otherwise stated, all replies refer to the following *****
====================================================================
--- The latest unmodified version of phpCOIN available from the phpCOIN download page on the date and time of this post.
--- All relevant HotFix files applied - One of the four included unmodified themes - The original language files.
--- Help will be given to install/configure/use phpCOIN, but not programming help to modify phpCOIN operations. If you are competent enough to make programming changes, you should be competent enough to read the source code and figure things out :)
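
Site operators can check their own access logs for the call quoted in the announcement above. The following is an added example, not part of the original post and not phpCOIN code: it assumes Apache/nginx common or combined log format, and the sample log lines, addresses and function names are constructed for illustration. A match only marks a request for review; it does not prove a compromise.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Common/combined log format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def matches_reported_call(method, target):
    """True for POST requests to mod.php with mod=siteinfo, as in the reported logs."""
    if method != "POST":
        return False
    parts = urlsplit(target)
    # phpCOIN may be installed in a subdirectory, so match on the script name only.
    if not parts.path.lower().endswith("/mod.php"):
        return False
    # parse_qs percent-decodes values, so mod=%73iteinfo is caught as well.
    mods = parse_qs(parts.query, keep_blank_values=True).get("mod", [])
    return any(m.strip().lower() == "siteinfo" for m in mods)

def scan(lines):
    """Group matching requests by client address: {host: [(time, status, target), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and matches_reported_call(m["method"], m["target"]):
            hits[m["host"]].append((m["time"], int(m["status"]), m["target"]))
    return dict(hits)

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [18/Oct/2010:03:12:44 +0000] "POST /mod.php?mod=siteinfo HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.7 - - [18/Oct/2010:03:12:51 +0000] "POST /billing/mod.php?mod=%73iteinfo&id=1 HTTP/1.1" 200 88',
    '198.51.100.20 - - [18/Oct/2010:09:30:02 +0000] "GET /mod.php?mod=siteinfo&id=2 HTTP/1.1" 200 7431',
    '198.51.100.20 - - [18/Oct/2010:09:31:10 +0000] "POST /mod.php?mod=example HTTP/1.1" 200 912',
]

if __name__ == "__main__":
    for host, reqs in scan(SAMPLE).items():
        print(host, len(reqs), "matching request(s)")
        for when, status, target in reqs:
            print("   ", when, status, target)
```

To use it on a real log, pass an open file object to `scan()` in place of `SAMPLE`.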
lightman
Posted: December 16, 2010 09:28 am

As a result of testing, we discovered that input passed by GET or POST URLs was being inadequately sanitized before being parsed by the fileset.

We have released a HotFix which is rated PATCH NOW.

Please see Security HotFix for phpCOIN v1.6.5