Bugtraq mailing list archives
Re: Vulnerabilities in phpCOIN
From: Susan Bradley <sbradcpa () pacbell net>
Date: Fri, 09 Apr 2010 14:28:27 -0700
About Us: http://phpcoin.com/mod.php?mod=siteinfo&id=4

It is with profound sorrow, sadness and regret, that COINSoft Technologies Inc. must announce the death of their lead developer Stephen M. Kitching (cantex) after a mercifully short battle with cancer.
Stephen was both an inspiration and good friend to everyone who knew and worked with him. He will be greatly missed, and his ingenuity and work will live on in the thoughts of all those, who were and will be touched, by the contributions he made to the software he dedicated his life to.
Our deepest sympathies, hearts and prayers go out to Steven's family and friends.
-------------

If I were a customer of theirs I'd be cutting them some slack. I'm just sayin'.
MustLive wrote:
Hello Bugtraq!

I want to warn you about security vulnerabilities in system phpCOIN.

-----------------------------
Advisory: Vulnerabilities in phpCOIN
-----------------------------
URL: http://websecurity.com.ua/4090/
-----------------------------
Affected products: phpCOIN 1.6.5 and previous versions.
-----------------------------
Timeline:
17.03.2010 - found vulnerabilities.
01.04.2010 - disclosed at my site.
02.04.2010 - informed developers.
-----------------------------
Details:

These are Insufficient Anti-automation and Denial of Service vulnerabilities.

The vulnerabilities exist in captcha script CaptchaSecurityImages.php, which is using in this system. I already reported about vulnerabilities in CaptchaSecurityImages (http://websecurity.com.ua/4043/).

Insufficient Anti-automation:

http://site/coin_addons/captcha/CaptchaSecurityImages.php?width=150&height=100&characters=2

Captcha bypass is possible via half-automated or automated (with using of OCR) methods, which were mentioned before (http://websecurity.com.ua/4043/).

DoS:

http://site/coin_addons/captcha/CaptchaSecurityImages.php?width=1000&height=9000

With setting of large values of width and height it's possible to create large load at the server.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
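A server-side bound on the three query parameters named in the advisory, shown as an added example: it is not part of either message and is not phpCOIN or CaptchaSecurityImages code. The limits, the constant and the function names are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Added example; not phpCOIN or CaptchaSecurityImages code.
// Limits are assumed values, chosen for illustration.
const CAPTCHA_LIMITS = [
    'width'      => ['default' => 120, 'min' => 60, 'max' => 300],
    'height'     => ['default' => 40,  'min' => 20, 'max' => 100],
    'characters' => ['default' => 6,   'min' => 5,  'max' => 8],
];

/**
 * Return a bounded integer for one captcha parameter.
 * Anything missing, non-numeric or out of range falls back to the default,
 * so a request can neither grow the image nor shorten the code.
 */
function captcha_param(array $query, string $name): int
{
    $limit = CAPTCHA_LIMITS[$name];
    $raw = $query[$name] ?? null;
    if (!is_string($raw)) {           // rejects arrays such as width[]=1
        return $limit['default'];
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $limit['min'], 'max_range' => $limit['max']],
    ]);
    return $value === false ? $limit['default'] : $value;
}

/** Validate all three parameters before any image buffer is allocated. */
function captcha_params(array $query): array
{
    $out = [];
    foreach (array_keys(CAPTCHA_LIMITS) as $name) {
        $out[$name] = captcha_param($query, $name);
    }
    return $out;
}

// Constructed query strings modelled on the two URLs in the advisory,
// plus one malformed request.
$samples = [
    'width=150&height=100&characters=2',
    'width=1000&height=9000',
    'width[]=1&height=abc',
];
foreach ($samples as $qs) {
    parse_str($qs, $query);
    echo $qs, ' => ', json_encode(captcha_params($query)), PHP_EOL;
}
```

Falling back to the default instead of clamping to the maximum means an oversized request costs the server no more than an ordinary one.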
Current thread:
- Vulnerabilities in phpCOIN MustLive (Apr 09)
- Re: Vulnerabilities in phpCOIN Susan Bradley (Apr 12)