https://www.exploit-db.com/exploits/21768
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-303

SuperSiteSearcher是一款基于Web的搜索引擎系统。SuperSiteSearcher没有正确过滤用户提交的输入，远程攻击者可以利用这个漏洞以WEB权限在系统上执行任意命令。SuperSiteSearcher中的site_searcher.cgi脚本没有充分过滤用户提交给查询参数的转义字符，通过提交包含如”|”SHELL转义字符的任意命令，可导致命令直接传递给SHELL以Web权限执行。

source: http://www.securityfocus.com/bid/5605/info

Super Site Searcher is prone to remote command execution. Shell metacharacters are not adequately filtered from query string parameters in a request to the vulnerable search engine script. The parameters are then used in a function which passes commands directly through the shell.

A remote attacker may exploit this condition to execute arbitrary commands on the shell with the privileges of the webserver process.

Simple Site Searcher, released by the same vendor, is also prone to this issue. 

http://target/searchenginepath/site_searcher.cgi?page=|command|

来源:BID
名称:5605
链接:http://www.securityfocus.com/bid/5605
来源:SECTRACK
名称:1005190
链接:http://securitytracker.com/id?1005190
来源：NSFOCUS
名称：3453
链接：http://www.nsfocus.net/vulndb/3453