Google Mini Search Applicance Path Disclosure

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Google Mini Search Applicance Path Disclosure
From: "Patrick Webster" <patrick@xxxxxxxxxxx>
Date: Fri, 22 Sep 2006 18:14:14 +1000
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition:x-google-sender-auth; b=Ohd3yEA6PQm1Fr0ErIjGVy0Fo+9SwtB5zrdqTMwzyv/OUJVv87VBXwmm1FVkb5twFiYdmPYI9T2MehFoTnCyOM68tahoPDLefmJEOX0tApZuxZfbo+bO4ZxiljVJlXL8x1VwOL3Jp96VHMkNOLYZFODWE87RdGuSs7GM7Rgm2CA=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Sender: aushack@xxxxxxxxx

aushack.com - Vulnerability Advisory
-----------------------------------------------
Release Date:
22-Sep-2006

Software:
Google Inc - Google Mini Search Appliance
http://www.google.com.au/enterprise/mini/index.html

"The Google Mini delivers cost-effective, high-quality search for
 your public website, intranet, and file servers, and you can be up
 and running in less than an hour."

Versions affected:
4.4.102.M.36 and below.

Vulnerability discovered:

Reveal web server path.

Vulnerability impact:

Low - Web server path disclosure.       

Vulnerability information:

User controlled 'client' value.

Example (lines may be wrapped):

 http://mini.site.com.au/search?q=test&client=showmethepathalready

 Would return the error:
 "/export/hda3/4.4.102.M.36/local/conf/frontends/showmethepathalready
  /domain_filter (No such file or directory)"

 May be able to break out, but not yet found. Fuzz anyone?

References:
aushack.com advisory
http://www.aushack.com/advisories/200609-googlemini.txt

Credit:
Patrick Webster ( patrick@xxxxxxxxxxx )

Disclosure timeline:
22-Sep-2006 - Disclosure.

EOF

Prev by Date: Squiz MySource Matrix Unauthorised Proxy and Cross Site Scripting
Next by Date: Self-contained XSS Attacks (the new generation of XSS)
Previous by thread: Squiz MySource Matrix Unauthorised Proxy and Cross Site Scripting
Next by thread: Self-contained XSS Attacks (the new generation of XSS)
Index(es):
- Date
- Thread