Vulnerabilities > CVE-2000-0941 - Unspecified vulnerability in Kootenay web INC Kootenay web INC Whois 1.0

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
kootenay-web-inc
critical
nessus
exploit available
NVD
Published: 2000-12-19
Updated: 2017-10-10

Summary

Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter.

Vulnerable Configurations

Part Description Count
Application
Kootenay_Web_Inc
1

Exploit-Db

descriptionKootenay Web Inc whois 1.0 Remote Command Execution Vulnerability. CVE-2000-0941. Remote exploit for cgi platform
idEDB-ID:20370
last seen2016-02-02
modified2000-10-29
published2000-10-29
reporterMark Stratman
sourcehttps://www.exploit-db.com/download/20370/
titleKootenay Web Inc whois 1.0 - Remote Command Execution Vulnerability

Nessus

NASL familyCGI abuses
NASL idKW_WHOIS.NASL
descriptionThe version of the KW whois CGI script installed on the remote web server fails to filter input to the
last seen2020-06-01
modified2020-06-02
plugin id10541
published2002-11-29
reporterThis script is Copyright (C) 2000-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/10541
titleKW Whois CGI whois Parameter Arbitrary Command Execution
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if(description)
{
 script_id(10541);
 script_version ("1.28");

 script_cve_id("CVE-2000-0941");
 script_bugtraq_id(1883);

 script_name(english:"KW Whois CGI whois Parameter Arbitrary Command Execution");
 script_summary(english:"Checks for the presence of /cgi-bin/whois.cgi");

 script_set_attribute(
  attribute:"synopsis",
  value:
"The remote web server hosts a CGI script that allows execution of
arbitrary commands."
 );
 script_set_attribute(
  attribute:"description", 
  value:
"The version of the KW whois CGI script installed on the remote web
server fails to filter input to the 'whois' parameter of shell
metacharacters.  An unauthenticated, remote attacker can leverage this
issue to execute arbitrary commands with the privileges of the http
daemon."
 );
 script_set_attribute(
  attribute:"see_also", 
  value:"https://seclists.org/bugtraq/2000/Oct/426"
 );
 script_set_attribute(
  attribute:"solution", 
  value:"Unknown at this time."
 );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:U/RC:ND");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(
  attribute:"vuln_publication_date", 
  value:"2000/10/29"
 );
 script_set_attribute(
  attribute:"plugin_publication_date", 
  value:"2002/11/29"
 );
 script_cvs_date("Date: 2018/11/15 20:50:17");
 script_set_attribute(attribute:"plugin_type", value:"remote");
 script_end_attributes();
 
 script_category(ACT_ATTACK);
 
 script_copyright(english:"This script is Copyright (C) 2000-2018 Tenable Network Security, Inc.");
 script_family(english:"CGI abuses");

 script_dependencie("http_version.nasl");
 script_exclude_keys("Settings/disable_cgi_scanning");
 script_require_ports("Services/www", 80);
 exit(0);
}


include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

http_check_remote_code (
			check_request:"/whois.cgi?action=load&whois=%3Bid",
			check_result:"uid=[0-9]+.*gid=[0-9]+.*",
			command:"id"
			);

References