Wiki-how path disclosure
The search function of wikihow is vulnerable to path disclose when an array
type is givin as a search parameter.
Example: http://www.wikihow.com/Special:LSearch?search[]=pie&fulltext=Search
yields:
Warning: urlencode() expects parameter 1 to be string, array given in
/var/www/html/wiki16/includes/SpecialLSearch.php on line 56
Warning: Illegal offset type in isset or empty in
/var/www/html/wiki16/includes/Title.php on line 123
Warning: Illegal offset type in /var/www/html/wiki16/includes/Title.php on line
146
Warning: urlencode() expects parameter 1 to be string, array given in
/var/www/html/wiki16/includes/SpecialLSearch.php on line 124
Warning: htmlspecialchars() expects parameter 1 to be string, array given in
/var/www/html/wiki16/skins/WikiHowSkin.php on line 1468
Also, when an array is given as a search type, the function Fatal error: Call
to a member function getArticleID() yields another path disclose as seen here:
http://www.wikihow.com/Special:LSearch?search=%5B%5D&fulltext=Search
Fatal error: Call to a member function getArticleID() on a non-object in
/var/www/html/wiki16/includes/SpecialLSearch.php on line 91
It is not known at this time if other wiki systems are vulnerable to the same
thing. If it is, drop me a line.