CVE-1999-1053
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Application | | 1 |
Exploit-Db
description | Matt Wright guestbook.pl Arbitrary Command Execution. CVE-1999-1053. Webapps exploit for cgi platform |
id | EDB-ID:16914 |
last seen | 2016-02-02 |
modified | 2010-07-03 |
published | 2010-07-03 |
reporter | metasploit |
source | https://www.exploit-db.com/download/16914/ |
title | Matt Wright guestbook.pl Arbitrary Command Execution |

description | The Matt Wright guestbook.pl. CVE-1999-1053. Webapps exploit for cgi platform |
id | EDB-ID:9907 |
last seen | 2016-02-01 |
modified | 1999-11-05 |
published | 1999-11-05 |
reporter | patrick |
source | https://www.exploit-db.com/download/9907/ |
title | The Matt Wright guestbook.pl <= 2.3.1 - Server Side Include Vulnerability |
Metasploit
description | The Matt Wright guestbook.pl <= v2.3.1 CGI script contains a flaw that may allow arbitrary command execution. The vulnerability requires that HTML posting is enabled in the guestbook.pl script, and that the web server must have the Server-Side Include (SSI) script handler enabled for the '.html' file type. By combining the script weakness with non-default server configuration, it is possible to exploit this vulnerability successfully. |
id | MSF:EXPLOIT/UNIX/WEBAPP/GUESTBOOK_SSI_EXEC |
last seen | 2020-02-27 |
modified | 2017-11-08 |
published | 2008-06-04 |
references | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1053 |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/unix/webapp/guestbook_ssi_exec.rb |
title | Matt Wright guestbook.pl Arbitrary Command Execution |
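The filtering weakness in the Summary and the preconditions in the Metasploit description above (HTML posting enabled, SSI handler on `.html`) are illustrated by the following added Python example. It is not from this page, from guestbook.pl or from the Metasploit module. It reconstructs a strip-between-delimiters filter of the kind the summary describes, puts beside it a detector that keys on the directive opener `<!--#` rather than on the terminator, and contrasts both with HTML-encoding the posted entry. The sample entries are constructed; the alternate terminator `-- >` is a placeholder for whatever closing sequence the server's SSI parser tolerates, which the page does not name, and is not a claim about Apache.

```python
import html
import re

# Naive SSI "cleansing" of the kind the CVE summary describes: delete everything
# between the literal delimiters "<!--" and "-->". Reconstructed for illustration;
# this is not the guestbook.pl source.
STRIP_RE = re.compile(r"<!--.*?-->", re.DOTALL)


def strip_ssi_naive(text: str) -> str:
    """Denylist filter: only removes comments closed with exactly '-->'."""
    return STRIP_RE.sub("", text)


# What a detector should key on instead: the directive opener. Every mod_include
# directive starts with "<!--#"; the terminator is where the naive filter fails.
SSI_OPENER_RE = re.compile(r"<!--\s*#\s*(\w+)", re.IGNORECASE)


def find_ssi_directives(text: str) -> list[str]:
    """Return the names (exec, include, ...) of SSI directives present in text."""
    return [m.group(1).lower() for m in SSI_OPENER_RE.finditer(text)]


def encode_untrusted_html(text: str) -> str:
    """Hardened handling: escape instead of strip. '<' becomes '&lt;', so no
    comment or directive opener can reach the .html file, whatever the closing
    sequence. (Disabling HTML posting or the SSI handler removes the risk entirely.)"""
    return html.escape(text, quote=True)


# Constructed sample guestbook entries (not taken from the advisory or exploit).
# "alternate_terminator" stands in for any closing sequence other than "-->"
# that the server's SSI parser accepts; "-- >" is a placeholder, not an Apache claim.
SAMPLES = {
    "benign": "Nice site! <!-- hello --> Thanks.",
    "standard_terminator": 'x <!--#exec cmd="id" --> y',
    "alternate_terminator": 'x <!--#exec cmd="id" -- > y',
}


def evaluate(filter_fn):
    """Map sample name -> SSI directives that survive filter_fn."""
    return {name: find_ssi_directives(filter_fn(body)) for name, body in SAMPLES.items()}


if __name__ == "__main__":
    for label, fn in (("strip", strip_ssi_naive), ("encode", encode_untrusted_html)):
        print(label, evaluate(fn))
```

Running the file shows that the strip filter leaves the `exec` directive in the entry with the alternate terminator while the encoding filter leaves none. The detector is also usable as a quick check over an existing guestbook `.html` file: any `<!--#` opener inside posted content is a finding regardless of how the comment is closed.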
Nessus
NASL family | CGI abuses |
NASL id | GUESTBOOK_PL.NASL |
description | The |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 10099 |
published | 1999-12-01 |
reporter | This script is Copyright (C) 1999-2018 Mathieu Perrin |
source | https://www.tenable.com/plugins/nessus/10099 |
title | Matt Wright guestbook.pl Arbitrary Command Execution |
Packetstorm
data source | https://packetstormsecurity.com/files/download/82359/guestbook_ssi_exec.rb.txt |
id | PACKETSTORM:82359 |
last seen | 2016-12-05 |
published | 2009-10-30 |
reporter | patrick |
source | https://packetstormsecurity.com/files/82359/Matt-Wright-guestbook.pl-Arbitrary-Command-Execution.html |
title | Matt Wright guestbook.pl Arbitrary Command Execution |
References
- http://www.securityfocus.com/archive/1/33674
- http://www.securityfocus.com/archive/82/27296
- http://www.securityfocus.com/archive/82/27560
- http://www.securityfocus.com/bid/776