phpCOIN vulnerability fix


phpCOIN is the software used by BryteNet hosting to manage orders, invoicing and the helpdesk. On Tuesday a vulnerability was discovered that allows attackers to execute remote code on the server.

When a fix was published I immediately installed it on the server, but the site had already been hacked. To make matters worse, the fix files contained errors, which caused phpCOIN to produce no output. My server error log showed me where the errors were, and by adding some parentheses I could fix my site. The official fix files are now three days old, and still contain these errors. More and more people are running into this problem and asking for working files, so I uploaded my fixed files for download. Note that the original fix file contains more files, so you need to install those files first and then overwrite the three files with errors with my copies.

[Update 2005/12/19]: The official fix files have been updated, so my files are no longer necessary.

About this Entry

This page contains a single entry by Jeroen Sangers published on December 16, 2005.
