[41698] in bugtraq
phpCOIN-1.2.2-Full-2005 SQL Injection
daemon@ATHENA.MIT.EDU (stranger-killer@hotmail.com)
Fri Dec 16 13:15:39 2005
Date: 16 Dec 2005 05:41:00 -0000
Message-ID: <20051216054100.1339.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: stranger-killer@hotmail.com
To: bugtraq@securityfocus.com
This bug can't exploited cuz the sql injection is after [ ORDER BY ]
and then we can't do UNION SELECT with MySQL Server
if the Server is MS-SQL try to do this
0,0;[ New SQL Query ]
//------------//
File Name :- \coin_modules\articels\articles_funcs.php
Line :- 187
Var :- $_rec_next
Fix :-
Line 184 Add This
$_rec_next = intval($_rec_next);
//-----------//
/home/mod.php?mod=articles&mode=list&rec_next=[SQL]
