Rule:

--
Sid:
3465

--
Summary:
This event is generated when an attempt is made to access the cgi script
show.pl.

--
Impact:
Use of script as an open proxy.

--
Detailed Information:
RiSearch is a collection of cgi scripts written in Perl to facilitate
web site search functionality. Some versions of the script show.pl do
not correctly sanitize user input. This may present an attacker with the
opportunity to use the script as an open proxy server, possibly in
attempts to execute web attacks against other systems anonymously.

Specifically, it may be possible for an attacker to supply their own
input to the "uri" parameter.

--
Affected Systems:
	RiSearch 0.99.8 and prior
	RiSearch Pro 3.2.6

--
Attack Scenarios:
An attacker can supply a URI of their choosing as a value for the
uri parameter

--
Ease of Attack:
Simple. No exploit software required.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Ensure the system is using an up to date version of the software.

--
Contributors:
Sourcefire Research Team
Alex Kirk <akirk@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:

--
