6 matches found

securityvulns
added 2008/01/13 12:0 a.m., 24 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. RiSearch: cross-site scripting...

1.4 AI score
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2008/01/13 12:0 a.m., 37 views

Cross-Site Scripting vulnerability in RiSearch

Hello 3APA3A! I am reporting a Cross-Site Scripting vulnerability I found in RiSearch, which is a local search engine. XSS: http://site/search.pl?query=3Cscript3Ealertdocument.cookie3C/script3E RiSearch version 0.99.02 and all earlier versions are vulnerable, as are potentially later versions...

0.1 AI score
Exploits: 0
seebug.org
added 2006/12/08 12:0 a.m., 13 views

RiSearch and RiSearchPro Multiple Security Vulnerabilities Exploit

No description provided by source. Phil Robinson, Gerald Gallagher and Kendric Tang provided the following test method: http://10.0.0.0/cgi-bin/search/show.pl?url=http://www.google.com http://10.0.0.0/cgi-bin/search/show.pl?url=http://192.168.0.1 http://10.0.0.0/cgi-bin/search/show.pl?url=http://localhost:8080...

7.1 AI score
Exploits: 0
OpenVAS
added 2005/11/03 12:0 a.m., 22 views

RiSearch Arbitrary File Access Vulnerability - Active Check

RiSearch is prone to a flaw that may lead to an unauthorized information disclosure. SPDX-FileCopyrightText: 2004 David Maciejak. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.8 CVSS, 9.3 AI score, 0.15542 EPSS
Exploits: 1, References: 1
CVE
added 2005/05/10 4:0 a.m., 51 views

CVE-2004-2061

RiSearch shows a vulnerability in the show.pl CGI script that allows an attacker to use the remote host as an open proxy and to read arbitrary local files by passing a url parameter with http://, ftp://, or file://. Affected software/versions include RiSearch 1.0.01 and RiSearch Pro 3.2.06. The u...

9.8 CVSS, 9.3 AI score, 0.15542 EPSS
Exploits: 1, References: 7, Affected Software: 2
Tenable Nessus
added 2004/08/02 12:0 a.m., 33 views

RiSearch show.pl Open Proxy Relay

The remote host seems to be running RiSearch, a local search engine. There is a flaw in the CGI 'show.pl' which is bundled with this software that could allow an attacker to use the remote host as an open proxy by doing a request like :...

9.8 CVSS, 5.6 AI score, 0.15542 EPSS
Exploits: 1, References: 1