Vulnerabilities > CVE-1999-1053 - Remote Command Execution vulnerability in Guestbook CGI

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
apache
matt-wright
nessus
exploit available
metasploit
NVD
Published: 1999-09-13
Updated: 2008-09-05

Summary

guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".

Vulnerable Configurations

Part Description Count
Application
Apache
1
Application
Matt_Wright
1

Exploit-Db

  • descriptionMatt Wright guestbook.pl Arbitrary Command Execution. CVE-1999-1053. Webapps exploit for cgi platform
    idEDB-ID:16914
    last seen2016-02-02
    modified2010-07-03
    published2010-07-03
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16914/
    titleMatt Wright guestbook.pl Arbitrary Command Execution
  • descriptionThe Matt Wright guestbook.pl. CVE-1999-1053. Webapps exploit for cgi platform
    idEDB-ID:9907
    last seen2016-02-01
    modified1999-11-05
    published1999-11-05
    reporterpatrick
    sourcehttps://www.exploit-db.com/download/9907/
    titleThe Matt Wright guestbook.pl <= 2.3.1 - Server Side Include Vulnerability

Metasploit

descriptionThe Matt Wright guestbook.pl <= v2.3.1 CGI script contains a flaw that may allow arbitrary command execution. The vulnerability requires that HTML posting is enabled in the guestbook.pl script, and that the web server must have the Server-Side Include (SSI) script handler enabled for the '.html' file type. By combining the script weakness with non-default server configuration, it is possible to exploit this vulnerability successfully.
idMSF:EXPLOIT/UNIX/WEBAPP/GUESTBOOK_SSI_EXEC
last seen2020-02-27
modified2017-11-08
published2008-06-04
referenceshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1053
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/webapp/guestbook_ssi_exec.rb
titleMatt Wright guestbook.pl Arbitrary Command Execution

Nessus

NASL familyCGI abuses
NASL idGUESTBOOK_PL.NASL
descriptionThe
last seen2020-06-01
modified2020-06-02
plugin id10099
published1999-12-01
reporterThis script is Copyright (C) 1999-2018 Mathieu Perrin
sourcehttps://www.tenable.com/plugins/nessus/10099
titleMatt Wright guestbook.pl Arbitrary Command Execution

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/82359/guestbook_ssi_exec.rb.txt
idPACKETSTORM:82359
last seen2016-12-05
published2009-10-30
reporterpatrick
sourcehttps://packetstormsecurity.com/files/82359/Matt-Wright-guestbook.pl-Arbitrary-Command-Execution.html
titleMatt Wright guestbook.pl Arbitrary Command Execution

References