The document presents a search-driven approach to solving string constraints for vulnerability detection. State-of-the-art solvers like Z3-str2 have limitations in supporting complex string operations. The proposed approach decomposes constraints and leverages an automata-based solver to reduce the search space, before using a search-based solver to find satisfying assignments. An evaluation on 43 programs shows the approach significantly improves vulnerability detection effectiveness over baseline solvers, with affordable time costs. The automata-based solver plays a key role in the effectiveness of the search-based procedure.