PHP-Gastebuch Disclosing System Information

Febna V M
Published on
24 Jun 2018
1 min read

A web application using PHP-Gastebuch has been reported to be prone to information disclosure. The PHP-Gastebunch fails to control the access of a vulnerable application to sensitive files in the server. Using this attack, an attacker can gain access to sensitive files like administrative MD5 password hashes. Through this vulnerability, a remote user can gain access to and view the ‘guestbookdat’ file. This file contains the administrator’s settings for the application. A remote user can also access the ‘pwd’ password file. This file contains the administrator’s MD5-hashed password. Many sites allow an attacker to access the ‘guestbookdat’ file to view the administrator’s settings for the application and can access the password file.

Some web application uses a gaestebuch for user-provided information. This information is used as feedback. Some of these web applications use PHP-Gastebuch 1.60 or lower versions of it. The obsolete versions of this PHP will provide the attacker with access to sensitive data.


The attacker can check if the application is facing this issue by executing the following URL in the web browser.

If the response from the server is positive. Then, the attacker will use the below URL to gain access to passwords in the application.


A remote user can view information about the application’s configuration. A remote user can also access and view the encrypted administrator password. Using this vulnerability, an attack can:-

  • leak authentication information.
  • reveal the system information of the server.
  • access the user information of each of the application’s users.

Mitigation / Precaution

Beagle recommends the following fixes:-

  • It is best-recommended to protect the following two files:-
    • guestbookdat
    • pwd
  • Try to restrict access to guestbookdat & pwd files.
  • If an application uses a third-party application for using the gaestebuch, then make sure that the application is not a vulnerable version of it.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Febna V M
Febna V M
Cyber Security Engineer
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment