A web application using PHP-Gastebuch has been reported to be prone to information disclosure. PHP-Gastebuch fails to restrict access to sensitive files that the application stores on the server, so an attacker can retrieve them, including the administrator's MD5 password hash. Through this vulnerability, a remote user can access and view the ‘guestbookdat’ file, which contains the administrator’s settings for the application. A remote user can also access the ‘pwd’ password file, which contains the administrator’s MD5-hashed password. On many sites an attacker can access the ‘guestbookdat’ file to view the administrator’s settings for the application and can also access the password file.
Some web applications use a guestbook (Gaestebuch) to collect user-provided information, which serves as feedback. Some of these web applications use PHP-Gastebuch 1.60 or a lower version. These obsolete versions of PHP-Gastebuch give an attacker access to sensitive data.
The attacker can check whether the application is affected by requesting the following URL in a web browser.
http://www.example.beaglesecurity.com/guestbook/guestbookdat
If the server responds positively, the attacker will then use the URL below to gain access to passwords in the application.
http://www.example.beaglesecurity.com/guestbook/pwd
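A defender-side check for the two requests described above, as an added example that is not part of the original advisory: it scans web server access logs for requests to the ‘guestbookdat’ and ‘pwd’ files and separates served responses from blocked probes. It assumes the Apache/Nginx combined log format and the `/guestbook/` directory from the example URLs; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

# Data files named in the advisory; the /guestbook/ directory is taken from
# the advisory's example URLs and may differ on a real install (assumption).
SENSITIVE = {"guestbookdat", "pwd"}

# Apache/Nginx "combined" access log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def classify(line):
    """Return a finding dict for a request to a guestbook data file, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Normalise: drop query string, decode %xx, collapse duplicate slashes, ignore case.
    path = unquote(urlsplit(m["target"]).path).lower()
    parts = [p for p in path.split("/") if p]
    if len(parts) < 2 or parts[-1] not in SENSITIVE or parts[-2] != "guestbook":
        return None
    status = int(m["status"])
    # 2xx means the file body was served: treat the admin hash as disclosed.
    verdict = "EXPOSED" if 200 <= status < 300 else "probe"
    return {"ip": m["ip"], "time": m["ts"], "file": parts[-1],
            "status": status, "verdict": verdict}

def scan(lines):
    """Classify every log line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /guestbook/guestbookdat HTTP/1.1" 200 812 "-" "curl/8.0"',
    '203.0.113.7 - - [12/Mar/2024:10:01:05 +0000] "GET /guestbook/pwd HTTP/1.1" 200 33 "-" "curl/8.0"',
    '198.51.100.4 - - [12/Mar/2024:10:03:00 +0000] "GET /guestbook/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Mar/2024:10:04:10 +0000] "GET /guestbook//PWD?x=1 HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Mar/2024:10:04:11 +0000] "GET /guestbook/%70wd HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['verdict']:8} {f['ip']:15} {f['file']:13} {f['status']} {f['time']}")
```

An `EXPOSED` finding for ‘pwd’ means the hash was served to that client, so the administrator password should be treated as compromised.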
A remote user can view information about the application’s configuration. A remote user can also access and view the administrator’s MD5-hashed password. Using this vulnerability, an attacker can:-
Beagle recommends the following fixes:-