Bugtraq mailing list archives

Re: The latest version of iSearch is V2.16 <= (index.php) Remote File Inclusion Exploit
From: "Steven M. Christey" <coley () mitre org>
Date: Tue, 10 Oct 2006 19:30:15 -0400 (EDT)


str0ke said:

index.php seems patched to me.

The following code was in 2.15, which also suggests that the issue
might not exist, at least for index.php:

  $isearch_path = '.';
  define('IN_ISEARCH', true);

  require_once "$isearch_path/inc/core.inc.php";
  require_once "$isearch_path/inc/search.inc.php";

However, there are other uses of $isearch_path later on in the code
(again, 2.15):

  include("$isearch_path/inc/header.inc.php");
  ...
  require_once "$isearch_path/inc/form_internal.inc.php";
  ...
  include "$isearch_path/inc/footer.inc.php";

So, we might want to look into inc/core.inc.php and other include
files for evidence of dynamic variable evaluation or other
functionality that could overwrite $isearch_path for the later
include/require invocations.

Unfortunately, core.inc.php is encoded with the statement "This file
is protected by copyright law and provided under license. Reverse
engineering of this file is strictly prohibited."

At this point, the original report is not provably erroneous without
doing the base64-decode of the protected file and peeking in.  But
since this post is about technical accuracy and not legal matters,
I'll stop there.

- Steve
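
The review step the message describes, as an added example (not part of the original post and not iSearch code): a static pass that lists each variable-based include in an entry file together with any earlier-included file containing a construct that can redefine variables at run time. The `index.php` sample follows the 2.15 lines quoted above; the two include files, the helper names and the regex heuristics are assumptions made for this sketch, and an `eval()` of an encoded body is reported as not statically auditable rather than as a confirmed overwrite.

```python
import re

# include/require statement whose path expression contains a variable.
INCLUDE_RE = re.compile(r'\b(?:include|require)(?:_once)?\b[^;]*?\$(\w+)[^;]*;')
# Literal path after the variable, e.g. "$isearch_path/inc/core.inc.php".
TARGET_RE = re.compile(r'\$\w+/([\w./-]+)')
# PHP constructs that can redefine a variable by name at run time.
OVERWRITE = {
    "extract()": re.compile(r'\bextract\s*\('),
    "parse_str() without result array": re.compile(r'\bparse_str\s*\([^,()]*\)'),
    "import_request_variables()": re.compile(r'\bimport_request_variables\s*\('),
    "variable variable": re.compile(r'\$\$\w|\$\{\s*\$'),
    "eval() of encoded body (not statically auditable)": re.compile(r'\beval\s*\('),
}

def overwrite_risks(src):
    """Labels of the overwrite-capable constructs present in one PHP source."""
    return [label for label, rx in OVERWRITE.items() if rx.search(src)]

def audit(entry, sources):
    """For every variable-based include in `entry`, report files included
    earlier that could have changed the variable before that line runs."""
    findings, seen = [], []
    for m in INCLUDE_RE.finditer(sources[entry]):
        line = sources[entry].count("\n", 0, m.start()) + 1
        findings += [(line, m.group(1), f, r) for f, risks in seen for r in risks]
        target = TARGET_RE.search(m.group(0))
        if target and target.group(1) in sources:
            name = target.group(1)
            seen.append((name, overwrite_risks(sources[name])))
    return findings

# Constructed sample: index.php follows the 2.15 lines quoted in the post; the
# two include files are stand-ins written for this example, not iSearch code.
SAMPLE = {
    "index.php": '''<?php
$isearch_path = '.';
define('IN_ISEARCH', true);
require_once "$isearch_path/inc/core.inc.php";
require_once "$isearch_path/inc/search.inc.php";
include("$isearch_path/inc/header.inc.php");
require_once "$isearch_path/inc/form_internal.inc.php";
include "$isearch_path/inc/footer.inc.php";
''',
    "inc/core.inc.php": "<?php eval(base64_decode('Y29uc3RydWN0ZWQ=')); // placeholder blob",
    "inc/search.inc.php": "<?php function isearch_find($q) { return array(); }",
}

if __name__ == "__main__":
    for line, var, fname, risk in audit("index.php", SAMPLE):
        print(f"index.php:{line}: ${var} may be altered by {fname}: {risk}")
```

An empty result only means none of the listed constructs appear in the files that were supplied; includes whose targets are missing from `sources` are not followed.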
