There is a specific URL that, when entered, allows someone to select user data from MySQL (I'm not entirely comfortable with posting that URL here, but if you PM me I will provide it).
When I used it on my site via viewusers.php this came up:
A fatal MySQL error was encountered.
Query: SELECT author.penname as penname FROM...Error: (1146) Table 'table' doesn't exist
I didn't spend time trying to actually attack my page, hence the error, but I assume that if it was -trying- to select a table then it is possible. I don't know if this is on just my site or everyone's though. I tried a few other people's and sometimes it worked, sometimes it didn't.
While I don't have the URL you were using and am even a little unclear on what you were trying to do, the error you posted does not point to the script being vulnerable. Almost everything you do in eFiction involves MySQL queries to pull information from the database and put it on your page.
I'm sure that Tammy will be contacting you about the specifics, but I just didn't want anyone to panic.
The error you posted does not point to the script being vulnerable.
I'm not sure how useful it would be for hackers, but users shouldn't be able to choose from exactly which table the data is selected, should they?
The wireless music box has no imaginable commercial value. Who would pay for a message sent to nobody in particular? (1920)
^^ That's what I thought, but I really don't know much about coding except for modding - so I could be making a deal out of nothing. It just seemed peculiar to me.
I just did a bit more investigation, and I can confirm that it is a security bug in eFic3 (<=3.0.2) allowing one to get any information from the eFiction tables (or at least the authors table).
I also visited Jan's website to test it and yes, I got out the e-mails of Lily Elizabeth Snape, elsa and Sindie (from the three most recent stories) (and nothing more, Jan) (all of them were under Yahoo!).
Passwords are encrypted, of course; you cannot log in as another user simply by finding those out.
What I suggest is to call corefunctions (or pagesetup) already in the "header.php" as it already uses user input which is only checked in "pagesetup.php".
Eyedam, I think you're trying something different than Jayleesy. Please PM me what you did if you would.
It'll be a little more complicated than that. You can't call pagesetup.php until after the $tpl variable is set up. Things will have to be rearranged to pull some stuff out of pagesetup.php and put it in header.php.
This has been addressed with 3.1.
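The general defence for the two concerns raised in this thread (a request influencing which table a query reads, and input being used before it has been checked), as an added example that is not eFiction's code and not the 3.1 fix. Every name in it (`LIST_TABLES`, `clean_request`, `penname`, the `list` and `uid` parameters, the table) is hypothetical, and an in-memory SQLite database with constructed rows stands in for MySQL.

```php
<?php
// Added example; not eFiction code. All names here are hypothetical.
// Constructed in-memory data stands in for the real MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE fanfiction_authors (uid INTEGER, penname TEXT, email TEXT)");
$db->exec("INSERT INTO fanfiction_authors VALUES (1, 'alice', 'alice@example.invalid')");

// Table names cannot be bound as query parameters, so the request may only
// pick a key from this fixed map; the SQL identifier never comes from input.
const LIST_TABLES = ['authors' => 'fanfiction_authors'];

// Validate once, at the entry point, before any included file reads input.
function clean_request(array $raw): array
{
    $list = $raw['list'] ?? 'authors';
    if (!is_string($list) || !array_key_exists($list, LIST_TABLES)) {
        throw new InvalidArgumentException('unknown list');
    }
    $uid = filter_var($raw['uid'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($uid === false || $uid === null) {
        throw new InvalidArgumentException('bad uid');
    }
    return ['table' => LIST_TABLES[$list], 'uid' => $uid];
}

function penname(PDO $db, array $req): ?string
{
    // Only the allowlisted identifier is interpolated; the value is bound.
    $stmt = $db->prepare("SELECT penname FROM {$req['table']} WHERE uid = :uid");
    $stmt->execute([':uid' => $req['uid']]);
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

// Constructed requests: one normal, one naming a table outside the map.
foreach ([['list' => 'authors', 'uid' => '1'], ['list' => 'some_other_table', 'uid' => '1']] as $raw) {
    try {
        echo penname($db, clean_request($raw)), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

Running the validation in the first file every request passes through means no later include can read the raw value before it has been checked.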
