Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: PHP :: bt714.txt

PHP-Gästebuch Ver. 1.60 Beta

ZH2003-12SA (security advisory): PHP-Gästebuch Ver. 1.60 Beta

Published: 23/07/2003

Released: 23/07/2003

Name: PHP-Gästebuch (

Affected System(s): All versions (?) 

Severity: Medium/High

Platform(s): Windows and Unix 

Issue: Information disclosure enables attackers to take administrative 


Author: Trash-80 -



Zone-h Security Team has discovered a serious security flaw in PHP-

Gästebuch Ver. 1.60 Beta and possibly in prior versions.

PHP-Gästebuch is a guestbook system that except a few bugs has functions 

like flooding and webfilter protections ... ;) 



1.guestbookdat contains admin's saved settings for PHP-Gästebuch. Is not 

protected and an attacker can retrieve serious information about the 



2.pwd contains the admin's password which is encrypted by MD5 algorithm.


  ex2:md5 encrypted password: ee21d5f27a8401788147f6f6184ddb11

      md5 unencrypted password: roland


An attacker using a md5 cracker like Cain & Abel (, can crack 

the hash and use the decrypted password in order to login as PHP-

Gästebuch's administrator. 




Protect these two files: guestbookdat & pwd.

The vendor has been contacted.

Trash-80 - operator


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH