Username: Save?
Password:
Home Forum Links Search Login Register*
    News: Keep The TechnoWorldInc.com Community Clean: Read Guidelines Here.
Recent Updates
Instagram adds features t...
by Saniya Abraham
[October 17, 2024, 05:05:06 PM]
Firm hacked after acciden...
by Saniya Abraham
[October 17, 2024, 04:53:18 PM]
US 'click to cancel' rule...
by Saniya Abraham
[October 17, 2024, 04:53:18 PM]
How does WhatsApp make mo...
by Saniya Abraham
[October 17, 2024, 04:53:18 PM]
Social media faces big ch...
by Saniya Abraham
[October 17, 2024, 04:53:18 PM]
Man accused of using bots...
by Saniya Abraham
[September 09, 2024, 12:27:25 PM]
Google abusing ad tech do...
by Saniya Abraham
[September 09, 2024, 12:27:25 PM]
Thieves snatched his phon...
by Saniya Abraham
[September 09, 2024, 12:27:25 PM]
Google's lucrative ad tec...
by Saniya Abraham
[September 09, 2024, 12:27:25 PM]
Secrets of hovering kestr...
by Saniya Abraham
[August 10, 2024, 12:34:30 PM]
Musk shares faked far-rig...
by Saniya Abraham
[August 10, 2024, 12:34:30 PM]
The AI tech aiming to ide...
by Saniya Abraham
[August 10, 2024, 12:34:30 PM]
Delta Airlines hits out a...
by Saniya Abraham
[August 10, 2024, 12:34:30 PM]
Subscriptions
Get Latest Tech Updates For Free!
Resources
   Travelikers
   Funistan
   PrettyGalz
   Techlap
   FreeThemes
   Videsta
   Glamistan
   BachatMela
   GlamGalz
   Techzug
   Vidsage
   Funzug
   WorldHostInc
   Funfani
   FilmyMama
   Uploaded.Tech
   MegaPixelShop
   Netens
   Funotic
   FreeJobsInc
   FilesPark
Participate in the fastest growing Technical Encyclopedia! This website is 100% Free. Please register or login using the login box above if you have already registered. You will need to be logged in to reply, make new topics and to access all the areas. Registration is free! Click Here To Register.
+ Techno World Inc - The Best Technical Encyclopedia Online! » Forum » THE TECHNO CLUB [ TECHNOWORLDINC.COM ] » Techno Articles » Internet
 Systems Using Google Mini Search Appliance May Be At Risk
Pages: [1]   Go Down
  Print  
Author Topic: Systems Using Google Mini Search Appliance May Be At Risk  (Read 495 times)
Shawn Tracer
TWI Hero
**********


Karma: 2
Offline Offline

Posts: 16072


View Profile
Systems Using Google Mini Search Appliance May Be At Risk
« Posted: February 27, 2008, 11:08:02 AM »

Systems Using Google Mini Search Appliance May Be At Risk
 by: Askme Blax

Google, the number one search engine used by Internet users, provides web developers and users certain tools for customizing searches to the user’s liking. While Google’s reputation is nearly impeccable and its products are generally thought of as "safe", a problem first reported on June 10, 2005 causes some concern over whether such blind faith is wise.

According to The Metasploit Project, in August 2005, a patch had to be issued by Google to fix security flaws in its Mini Search Appliance. The patch, GA-2005-08-m, fixes problems with the Mini’s ‘proxystylesheet’ implementation. By design, the Google Mini Search Appliance allows system commands and java code execution by users that would not ordinarily have such system privileges. (See Google Answers.) But, because the search interface uses the ‘proxystylesheet’ form variable to determine what style sheet to apply to the search results, an opportunity for feeding the script dangerous code is presented. The malicious user can supply a variable that is either a local file name or an HTTP URL.

Researcher H. D. Moore says "This feature can be abused to perform cross-site scripting (XSS), file discovery, service enumeration, and arbitrary command execution" if the abuser chooses to use a remote URL. Moore provides an exploit example at Metasploit.com. The example shows how using a remote URL to an XSLT stylesheet could be used to obtain a root shell. Prior to Google’s patch, the user executing the code did not need sufficient system rights for the code to run and no checks were made prior to execution to ensure that the URL parameter was allowable.

While Google has stated that its Mini Search Appliance poses no security issues and has been thoroughly tested, Moore performed some random testing using a Google query on "inurl:proxystylesheet". Of the 43 websites tested, 23 were confirmed vulnerable and unpatched.

More information on the patch for Google’s customers who have purchased its $2995 Mini Search Appliance is available at the Google Enterprise Solutions support website. The Google support group online for Google-Mini may also shed some light into security concerns of Google’s products and appropriate fixes.

About The Author

Askme Blax is a writer for Askblax.com (www.askblax.com), an African American news and discussion website. Copyright 2005 - AskBlax

Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Copyright © 2006-2023 TechnoWorldInc.com. All Rights Reserved. Privacy Policy | Disclaimer
Powered by SMF 1.1.4 | SMF © 2006-2007, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks
Page created in 0.147 seconds with 24 queries.