Home › News › Industry News

Google patches more flaws in search app

On November 23, 2005, 7:22 PM

Several serious security flaws in Google Mini have been patched, including some that could allow attackers to execute malicious code, carry out cross-site scripting or a port scan, or discover files on the target system. Google Mini is a hardware search appliance used by medium-sized enterprises and departments within large companies, and is a scaled-down version of the enterprise-oriented Google Search Appliance.

The danger originates with a feature in some versions of the appliance allowing a remote URL to be supplied as the path for an XSLT style sheet, used to customise the search interface, Metasploit said. "The Google Search Appliance search interface uses the 'proxystylesheet' form variable to determine what style sheet to apply to the search results. This variable can be a local file name or a HTTP URL," the organisation said in its advisory.

Input to the "proxystylesheet" parameter isn't properly sanitised, allowing attackers to execute malicious script code, what's known as a cross-site scripting attack, Metasploit said. This can be carried out via the appliance's error message system, or via a malicious XSLT style sheet.
Google claims to have been quite responsive and quick to deal with these issues, an attitude shared by HD Moore of the Metasploit Project who reported the bugs.

No tags on this story

Next Article: Text message service for bullied kids

TechSpot on:

Most Popular

Trending

Featured

Featured on Laptops

Downloads and Drivers

World of Warcraft Patch 5.3.0

Funny Photo Maker 2.4.1

More Downloads

Latest Discussion

Watercooling Setup Linking together help 11 replies on Overclocking, Cooling and Modding

How did my Windows key become disabled? 18 replies on Other Hardware

What's the difference between DDR3 memory and GDDR5 memory? 21 replies on Processors and Motherboards

Wireless capability keeps turning off 21 replies on Storage and Networking

Need advice on router-buy 10 replies on Storage and Networking

More Recent Discussion

Subscribe to TechSpot

Get free exclusive content, learn about new features and breaking tech news.

TechSpot

Welcome to TechSpot

Home › News › Industry News

Google patches more flaws in search app

Next Article: Text message service for bullied kids

Post a new comment

TechSpot on:

Most Popular

GeForce GTX 780 Review: The Titan Descendant

OCZ Vertex 450 Review: Vector-like Performance For Less

AMD A4-5000 Review: The affordable ultraportable APU

Apple claims Samsung violates Siri patents with Google Now

Apple's iOS 7 to be "black, white and flat all over"

AMD A4-5000 Review: Kabini, the mainstream APU

OCZ Vertex 450 SSD Review

Nvidia GeForce GTX 780 Review

Xbox One: Entertainment Hub First, Gaming Console Second -- But Could It Disrupt TV?

Metro: Last Light Performance, Benchmarked

Featured on Laptops

77 Lenovo ThinkPad X1 Carbon Touch

79 Lenovo IdeaPad Yoga 13

75 Asus VivoBook S400CA

89 Apple MacBook Pro 15" Retina - Summer 2012

85 Apple MacBook Air 13.3 inch - Summer 2012

Downloads and Drivers

Latest Discussion

Subscribe to TechSpot

Featured Tech Content - Inside TechSpot

	Social Login & Guest Posting Post as anonymous user			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.