Google Mini Search Applicance Path Disclosure

Type securityvulns
Reporter Securityvulns
Modified 2006-09-23T00:00:00

Description - Vulnerability Advisory

Release Date: 22-Sep-2006

Software: Google Inc - Google Mini Search Appliance

"The Google Mini delivers cost-effective, high-quality search for your public website, intranet, and file servers, and you can be up and running in less than an hour."

Versions affected: 4.4.102.M.36 and below.

Vulnerability discovered:

Reveal web server path.

Vulnerability impact:

Low - Web server path disclosure.

Vulnerability information:

User controlled 'client' value.

Example (lines may be wrapped):

Would return the error: "/export/hda3/4.4.102.M.36/local/conf/frontends/showmethepathalready /domain_filter (No such file or directory)"

May be able to break out, but not yet found. Fuzz anyone?

References: advisory

Credit: Patrick Webster ( )

Disclosure timeline: 22-Sep-2006 - Disclosure.