CVE-2005-3757
Published 2005-11-22
Priority: P3 (46), high. CVSS 2.0: 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P.
Exploit available. EPSS: 42.18% (98.5th percentile).
The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec.
Detection & IOCs (extracted from sources)
- Detect outbound connections from the Google Search Appliance to attacker-controlled hosts triggered by the proxystylesheet parameter; the appliance fetching an external XSLT stylesheet is the exploitation vector.
- Monitor XSLT stylesheets served to the appliance for Java method calls such as system-property, sys:getProperty, or run:exec in xsl:value-of select attributes; these are the payload delivery mechanism.
- Detect the exploit payload pattern: XSLT content containing the ':x:MSF:x:' placeholder, or that placeholder replaced with a /usr/bin/perl -e system(pack(...)) command string, indicating a Metasploit-generated stylesheet.
- The exploit requires the target Google Search Appliance to be able to make outbound HTTP connections back to the attacker's machine; network egress filtering on the appliance blocks this exploitation path.
- Google released a patch (advisory GA-2005-08-m) in August 2005; patched appliances return 'ERROR: Unable to fetch the stylesheet' and are not exploitable via this vector.
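The description and the second and third IOCs above describe a content-level check: resolve the namespace prefixes a stylesheet declares, look at the select attributes of XSL elements, and flag calls that resolve into Java classes (the run:exec / sys:getProperty pattern), plus the Metasploit placeholder or perl one-liner. The script below is an added worked example, not code from this page, from Metasploit or from Google. Its sample stylesheets are constructed; binding the sys and run prefixes to java:java.lang.System and java:java.lang.Runtime follows Saxon's reflexive extension-function convention and is an assumption about how the original payload was laid out. It goes slightly beyond the CVE text by inspecting the select attribute of every XSL element (xsl:variable, xsl:copy-of, and so on), not only xsl:value-of.

```python
"""Scan an XSLT stylesheet for the CVE-2005-3757 abuse pattern.

Added example (not from the original page or from Metasploit): flags
Saxon reflexive Java calls in XSL select attributes and the
Metasploit-generated payload signature quoted in the IOCs.
"""
import io
import re
import xml.etree.ElementTree as ET

XSL_NS = "http://www.w3.org/1999/XSL/Transform"

# Metasploit stylesheet signature from the IOCs: the ':x:MSF:x:'
# placeholder, or the perl one-liner it is replaced with.
MSF_PATTERN = re.compile(r""":x:MSF:x:|/usr/bin/perl\s+-e\s+['"]?system\(pack\(""")

# XPath function call: optional 'prefix:', a name, then '('.
CALL_RE = re.compile(r"(?:([A-Za-z_][\w.-]*):)?([A-Za-z_][\w.-]*)\s*\(")


def scan_stylesheet(xslt_text):
    """Return a list of (kind, detail, select) findings; empty when clean."""
    findings = []

    # 1. Raw-text signature check runs even if the XML does not parse.
    m = MSF_PATTERN.search(xslt_text)
    if m:
        findings.append(("metasploit-payload", m.group(0), ""))

    ns = {}  # prefix -> namespace URI, filled as declarations are seen
    try:
        events = ET.iterparse(io.BytesIO(xslt_text.encode("utf-8")),
                              events=("start-ns", "start"))
        for event, payload in events:
            if event == "start-ns":
                prefix, uri = payload
                ns[prefix] = uri
                # Saxon binds 'java:<class>' URIs to reflexive extension
                # functions; a stylesheet fed to a search appliance has no
                # legitimate need for that (assumed Saxon convention).
                if uri.startswith("java:"):
                    findings.append(("java-namespace-declared", f"{prefix}={uri}", ""))
                continue

            elem = payload
            if not elem.tag.startswith("{%s}" % XSL_NS):
                continue
            select = elem.get("select")
            if not select:
                continue
            for prefix, name in CALL_RE.findall(select):
                if ns.get(prefix, "").startswith("java:"):
                    findings.append(("java-extension-call", f"{prefix}:{name}", select))
                elif name == "system-property":
                    # Standard XSLT function, but the CVE lists it as the
                    # information-disclosure primitive on the appliance.
                    findings.append(("system-property", name, select))
    except ET.ParseError as exc:
        findings.append(("unparseable", str(exc), ""))
    return findings


# Constructed sample: the shape of a malicious proxystylesheet, with the
# Metasploit placeholder still in place.
MALICIOUS_XSLT = """<?xml version="1.0"?>
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:sys="java:java.lang.System"
    xmlns:run="java:java.lang.Runtime">
  <xsl:template match="/">
    <xsl:value-of select="sys:getProperty('user.dir')"/>
    <xsl:value-of select="system-property('xsl:vendor')"/>
    <xsl:value-of select="run:exec(run:getRuntime(), ':x:MSF:x:')"/>
  </xsl:template>
</xsl:stylesheet>
"""

# Constructed sample: an ordinary results-page stylesheet.
BENIGN_XSLT = """<?xml version="1.0"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:template match="/">
    <html><body><xsl:value-of select="concat('Results: ', count(//R))"/></body></html>
  </xsl:template>
</xsl:stylesheet>
"""

if __name__ == "__main__":
    for label, doc in (("malicious", MALICIOUS_XSLT), ("benign", BENIGN_XSLT)):
        print(label)
        for kind, detail, select in scan_stylesheet(doc):
            print("  ", kind, detail, select)
```

Run it as a filter over stylesheets captured from the appliance's outbound fetches (the first IOC); a non-empty result on anything the appliance was directed to by a proxystylesheet parameter is worth an alert, and an unparseable document is reported rather than silently passed.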
No detection rules found.
Exploit-DB: Google Appliance ProxyStyleSheet - Command Execution (Metasploit), exploitdb, 2010-07-01
---
##
# $Id: google_proxystylesheet_exec.rb 9653 2010-07-01 23:33:07Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  # Superclass and initializer follow the standard Metasploit 3 module layout
  # (assumed; the mixin includes are not shown here).
  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'Google Appliance ProxyStyleSheet Command Execution',
      'Description' => %q{
This module exploits a feature in the Saxon XSLT parser used by
the Google Search Appliance. This feature allows for arbitrary
java methods to be called. Google released a patch and advisory to
their client base in August of 2005 (GA-2005-08-m). The target appliance
must be ab
Exploit-DB: Google Search Appliance - proxystylesheet XSLT Java Code Execution (Metasploit), exploitdb, 2005-11-20
---
##
# This file is part of the Metasploit Framework and may be redistributed
# according to the licenses defined in the Authors field below. In the
# case of an unknown or missing license, this file defaults to the same
# license as the core Framework (dual GPLv2 and Artistic). The latest
# version of the Framework can always be obtained from metasploit.com.
##
package Msf::Exploit::google_proxystylesheet_exec;
use strict;
use base "Msf::Exploit";
use Pex::Text;
use IO::Socket;
use IO::Select;
my $advanced = { };
my $info =
{
'Name' => 'Google Appliance ProxyStyleSheet Command Execution',
'Version' => '$Revision: 1.1 $',
'Authors' => [ 'H D Moore ' ],
'Description' =>
Pex::Text::Freeform(qq{
This modul
Metasploit: Google Appliance ProxyStyleSheet Command Execution
This module exploits a feature in the Saxon XSLT parser used by the Google Search Appliance. This feature allows for arbitrary java methods to be called. Google released a patch and advisory to their client base in August of 2005 (GA-2005-08-m). The target appliance must be able to connect back to your machine for this exploit to work.
No writeups or analysis indexed.
References:
- http://metasploit.com/research/vulns/google_proxystylesheet/
- http://secunia.com/advisories/17644
- http://securitytracker.com/id?1015246
- http://www.osvdb.org/20981
- http://www.securityfocus.com/archive/1/417310/30/0/threaded
- http://www.securityfocus.com/bid/15509
- http://www.vupen.com/english/advisories/2005/2500