Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
RiSearch和RiSearch Pro多个安全漏洞
Vulnerability Description
RiSearch (Pro) Suite是一款用户搜索WEB站点的PERL脚本。 RiSearch (Pro)存在多个安全问题,远程攻击者可以利用这些漏洞通过FTP或HTTP访问任意端口和或以WEB权限在系统上查看任意文件内容。 RiSearch (Pro)包含的show.pl脚本对用户提交的参数缺少充分过滤,攻击者可以操作URI变量请求其他站点,端口和文件。另外对'file'参数缺少充分过滤,提交包含本地系统文件作为参数,可以WEB进程权限查看并返回给攻击者。
CVSS Information
N/A
Vulnerability Type
N/A