Reported Exploits Of Phpcoin V1.6.5 Websites, Full Disclosure
| phpCOIN Main Site · Forum Guidelines |
 Help
 Search
 Members
 Calendar
|
|
Other phpCOIN Sites: [Live Demo] [Downloads] [Docs] [Bugs] [Wall of Shame] |
|
| Welcome Guest ( Log In | Register ) | Resend Validation Email |
Security AnnouncementsSecurity related public announcements by phpCOIN personnel. This forum can NOT be posted to by the public
  |
Reported Exploits Of Phpcoin V1.6.5 Websites, Full Disclosure| lightman |
Posted: October 20, 2010 05:58 pm
|
 The Janitor  Group: Admin Posts: 3,641 Member No.: 3 Joined: August 25, 2006  |
We have received a total of 4 reports regarding possible website/server exploits that used phpCOIN v1.6.5 as an attack vector.
Access logs supplied show calls including 'POST /mod.php?mod=siteinfo' We are giving this the highest priority. Our thanks to all the users who bothered to write in and give us details. -------------------- ***** Unless otherwise stated, all replies refer to the following *****
==================================================================== --- The latest unmodified version of phpCOIN available from the phpCOIN download page on the date and time of this post. --- All relevant HotFix files applied - One of the four included unmodified themes - The original language files . --- Help will be given to install/configure/use phpCOIN, but not programming help to modify phpCOIN operations. If you are competent enough to make programming changes, you should be competent enough to read the source code and figure things out :) |
|
| lightman |
Posted: December 16, 2010 09:28 am
|
|
The Janitor Group: Admin Posts: 3,641 Member No.: 3 Joined: August 25, 2006 |
As a result of testing, we discovered that input passed by GET or POST URL's was being inadequately sanitized before being parsed by the fileset
We have released a HotFix which is rated PATCH NOW. Please see Security HotFix for phpCOIN v1.6.5 -------------------- ***** Unless otherwise stated, all replies refer to the following *****
==================================================================== --- The latest unmodified version of phpCOIN available from the phpCOIN download page on the date and time of this post. --- All relevant HotFix files applied - One of the four included unmodified themes - The original language files . --- Help will be given to install/configure/use phpCOIN, but not programming help to modify phpCOIN operations. If you are competent enough to make programming changes, you should be competent enough to read the source code and figure things out :) |
|
|
0 User(s) are reading this topic (0 Guests and 0 Anonymous Users)
0 Members:
 |
|
Powered by Invision Power Board(U) v1.3.1 Final © 2003 IPS, Inc.