PHP-Gastebuch Disclosing System Information

By
Febna V M
Published on
24 Jun 2018
1 min read
Vulnerability

A web application using PHP-Gastebuch has been reported to be prone to information disclosure. The PHP-Gastebunch fails to control the access of a vulnerable application to sensitive files in the server. Using this attack, an attacker can gain access to sensitive files like administrative MD5 password hashes. Through this vulnerability, a remote user can gain access to and view the ‘guestbookdat’ file. This file contains the administrator’s settings for the application. A remote user can also access the ‘pwd’ password file. This file contains the administrator’s MD5-hashed password. Many sites allow an attacker to access the ‘guestbookdat’ file to view the administrator’s settings for the application and can access the password file.

Some web application uses a gaestebuch for user-provided information. This information is used as feedback. Some of these web applications use PHP-Gastebuch 1.60 or lower versions of it. The obsolete versions of this PHP will provide the attacker with access to sensitive data.

Example

The attacker can check if the application is facing this issue by executing the following URL in the web browser.

http://www.example.beaglesecurity.com/guestbook/guestbookdat

If the response from the server is positive. Then, the attacker will use the below URL to gain access to passwords in the application.

http://www.example.beaglesecurity.com/guestbook/pwd

Impact

A remote user can view information about the application’s configuration. A remote user can also access and view the encrypted administrator password. Using this vulnerability, an attack can:-

  • leak authentication information.
  • reveal the system information of the server.
  • access the user information of each of the application’s users.

Mitigation / Precaution

Beagle recommends the following fixes:-

  • It is best-recommended to protect the following two files:-
    • guestbookdat
    • pwd
  • Try to restrict access to guestbookdat & pwd files.
  • If an application uses a third-party application for using the gaestebuch, then make sure that the application is not a vulnerable version of it.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Febna V M
Febna V M
Cyber Security Engineer
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
Find surface-level website security issues in under a minute
Free website security assessment
Experience the power of automated penetration testing & contextual reporting.