Several serious security flaws in Google Mini have been patched, including some that could allow attackers to execute malicious code, carry out cross-site scripting or a port scan, or discover files on the target system. Google Mini is a hardware search appliance used by medium-sized enterprises and departments within large companies, and is a scaled-down version of the enterprise-oriented Google Search Appliance.
The danger originates with a feature in some versions of the appliance allowing a remote URL to be supplied as the path for an XSLT style sheet, used to customise the search interface, Metasploit said. "The Google Search Appliance search interface uses the 'proxystylesheet' form variable to determine what style sheet to apply to the search results. This variable can be a local file name or a HTTP URL," the organisation said in its advisory.
Input to the "proxystylesheet" parameter isn't properly sanitised, so an attacker can inject script code that runs in a victim's browser, what's known as a cross-site scripting attack, Metasploit said. This can be carried out via the appliance's error message system, which reflects the parameter back to the user, or via a malicious XSLT style sheet loaded from a remote URL.
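The two weak points the advisory describes, a parameter that accepts either a local file name or a remote URL, and an error page that reflects the raw value, are illustrated below from the defender's side. This is an added example, not code from Google, Metasploit or the appliance; the function names, the stylesheet allowlist and the sample values are constructed for illustration. It restricts the parameter to an allowlist of known local stylesheet names (rejecting anything carrying a URL scheme or path characters) and shows the reflected error message both as the vulnerable pattern and in escaped form.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed allowlist: the stylesheet names a hypothetical search
# front end ships. Anything else, local or remote, is refused.
ALLOWED_STYLESHEETS = {"default_frontend", "intranet", "minimal"}

# A bare name: letters, digits, underscore, hyphen. No slashes, dots,
# colons or whitespace, so neither "../" nor "http://" can get through.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def validate_proxystylesheet(value):
    """Return the stylesheet name to apply, or None if the value is rejected.

    Rejects values with a URL scheme (remote XSLT), values that are not a
    plain name (path traversal, separators), and names not on the allowlist.
    """
    if value is None:
        return None
    value = value.strip()
    # urlsplit("http://host/x.xsl").scheme == "http"; a bare name has no scheme
    if urlsplit(value).scheme:
        return None
    if not _SAFE_NAME.match(value):
        return None
    if value not in ALLOWED_STYLESHEETS:
        return None
    return value


def render_error_unsafe(value):
    """Vulnerable pattern: the raw parameter is reflected into the HTML error page."""
    return f"<p>Stylesheet not found: {value}</p>"


def render_error(value):
    """Hardened form: the reflected value is HTML-escaped and length-limited."""
    return f"<p>Stylesheet not found: {html.escape(value[:64])}</p>"


if __name__ == "__main__":
    # Constructed inputs: one valid name, one remote URL, one traversal attempt
    for candidate in ("default_frontend", "http://example.invalid/a.xsl", "../../etc/passwd"):
        print(repr(candidate), "->", validate_proxystylesheet(candidate))
    print(render_error_unsafe("<b>x</b>"))
    print(render_error("<b>x</b>"))
```

The allowlist check is the important part: escaping the error page stops reflected script, but only refusing remote and non-listed stylesheets removes the ability to load an attacker-controlled XSLT file into the search interface at all.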
Google says it was responsive and quick to deal with these issues, a view shared by HD Moore of the Metasploit Project, who reported the bugs.