CVE-2008-6752

ReVou Micro Blogging Twitter Clone Plugin - Unauthenticated Password Change via Direct Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6752. PoCs published by G4N0K.

AI-analyzed exploit summary: This exploit changes the admin password of ReVou Twitter Clone by sending a crafted HTTP request. It includes a form for user input and executes a base64-decoded payload to perform the attack.

Description

adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou Micro Blogging does not verify the original password before changing passwords, which allows remote attackers to change the administrator's password and gain privileges via a direct request with modified newpass1 and newpass2 parameters in a Change operation.

Exploits (1)

exploitdb WORKING POC VERIFIED
by G4N0K · php · webapps · php
https://www.exploit-db.com/exploits/7523

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: ReVou Twitter Clone
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7523
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/51705
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34851
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33247

Scores

EPSS 0.0635
EPSS Percentile 92.7%

Details

CWE: CWE-20
Status: published
Products (1): revou/revou
Published: Apr 24, 2009
Tracked Since: Feb 18, 2026