Invision Power Board < 3.4.2 Full Path Disclosure

2013.03.04

Credit: Infern0_

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Author: Infern0_
# Contact: balut2@o2.pl
# Vendor: http://www.invisionpower.com
# Vulnerability: Full Path Disclosure
# Vendor informated at: 2 February 2013
# Solution: Upgrade to version 3.4.3 or Disable error display in config files, following this:
# http://www.php.net/manual/en/errorfunc.configuration.php#ini.display-errors

It works on v.3.4.2 and less.
Will be patched in v.3.4.3. 

To reproduce this issue do this:
http://www.example-site.com/index.php?app=core&module=search&do=search&search_app_filters[]=date&search_term=trolololo

Guilty is variable 'search_app_filters' which wait to receive doubled-array(forums][sortKey]). 
If it doesn't get it correctly then errors with Full Path show up. 

Normal request would looks like this:

http://www.example-site.com/index.php?app=core&module=search&do=search&search_app_filters[forums][sortKey]=date&search_term=trolololo

References:

http://www.php.net/manual/en/errorfunc.configuration.php#ini.display-errors

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Invision Power Board < 3.4.2 Full Path Disclosure

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.