HTTP: Super Site Searcher Arbitrary Command Execution
This signature detects attempts to exploit a known vulnerability in Independent Solution Super Site Searcher and Simple Site Searcher. The Site searchers do not securely strip shell metacharacters, allowing attackers to send malicious commands to the Web server and execute programs with user permissions of the Web server daemon.
Extended Description
Super Site Searcher is prone to remote command execution. Shell metacharacters are not adequately filtered from query string parameters in a request to the vulnerable search engine script. The parameters are then used in a function which passes commands directly through the shell. A remote attacker may exploit this condition to execute arbitrary commands on the shell with the privileges of the webserver process. Simple Site Searcher, released by the same vendor, is also prone to this issue.
Affected Products
Independent_solution simple_site_searcher
Short Name
HTTP:CGI:SITESEARCHER-EXEC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Arbitrary Command Execution Searcher Site Super bid:5605
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Independent_solution