CVE-2005-1384

phpCoin 1.2.2 - SQL Injection via Search Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-1384. PoCs published by Dcrab.

AI-analyzed exploit summary The exploit demonstrates SQL injection vulnerabilities in PHPCoin by injecting malicious input into the 'dtopic_id' and 'dcat_id' parameters. Successful exploitation could lead to unauthorized data access or manipulation.

Description

Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Dcrab · textwebappsphp

https://www.exploit-db.com/exploits/25569

View Code ZIP pw:eip

The exploit demonstrates SQL injection vulnerabilities in PHPCoin by injecting malicious input into the 'dtopic_id' and 'dcat_id' parameters. Successful exploitation could lead to unauthorized data access or manipulation.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: PHPCoin

No auth needed

Prerequisites: Access to the vulnerable PHPCoin application

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Dcrab · textwebappsphp

https://www.exploit-db.com/exploits/25568

View Code ZIP pw:eip

The provided text describes a SQL injection vulnerability in PHPCoin, where unsanitized user input in the 'phpcoinsessid' parameter can be exploited. It includes a sample URL demonstrating the injection point but lacks executable exploit code.

Classification

Writeup 80%