SID 3465
Msg
"WEB-CGI RiSearch show.pl proxy attempt"
Summary
This event is generated when an attempt is made to access the cgi script show.pl.
Classtype
web-application-activity
Impact
Use of script as an open proxy.
Detailed Information
RiSearch is a collection of cgi scripts written in Perl to facilitate web site search functionality. Some versions of the script show.pl do not correctly sanitize user input. This may present an attacker with the opportunity to use the script as an open proxy server, possibly in attempts to execute web attacks against other systems anonymously.
Specifically, it may be possible for an attacker to supply their own input to the "uri" parameter.
Affected Systems
- RiSearch 0.99.8 and prior
- RiSearch Pro 3.2.6
Attack Scenarios
An attacker can supply a URI of their choosing as a value for the uri parameter
Ease Of Attack
Simple. No exploit software required.
False Positives
None known.
False Negatives
None known.
Corrective Action
Ensure the system is using an up to date version of the software.
Contributors
- Sourcefire Vulnerability Research Team
- Alex Kirk
- Nigel Houghton
