Vulnerabilities > CVE-2003-0243 - Unspecified vulnerability in Happycgi Happymall 4.3/4.4

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

happycgi

nessus

exploit available

NVD

Published: 2003-05-27

Updated: 2008-09-10

Summary

Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter for the (1) normal_html.cgi or (2) member_html.cgi scripts.

Vulnerable Configurations

Part	Description	Count
Application	Happycgi Happycgi Happymall 4.3 Happycgi Happymall 4.4	2

Exploit-Db

description	HappyMall E-Commerce Software 4.3/4.4 Normal_HTML.CGI Command Execution Vulnerability. CVE-2003-0243 . Webapps exploit for cgi platform
id	EDB-ID:22571
last seen	2016-02-02
modified	2003-05-07
published	2003-05-07
reporter	Revin Aldi
source	https://www.exploit-db.com/download/22571/
title	HappyMall E-Commerce Software 4.3/4.4 Normal_HTML.CGI Command Execution Vulnerability

description	HappyMall E-Commerce Software 4.3/4.4 Member_HTML.CGI Command Execution Vulnerability. CVE-2003-0243. Webapps exploit for cgi platform
id	EDB-ID:22572
last seen	2016-02-02
modified	2003-05-08
published	2003-05-08
reporter	Revin Aldi
source	https://www.exploit-db.com/download/22572/
title	HappyMall E-Commerce Software 4.3/4.4 Member_HTML.CGI Command Execution Vulnerability

Nessus

NASL family	CGI abuses
NASL id	HAPPYMALL_CMD_EXEC.NASL
description	There is a flaw HappyMall that could allow an attacker to execute arbitrary commands with the privileges of the HTTP daemon (typically root or nobody), by making a request like : /shop/normal_html.cgi?file=\|id\| In addition, member_html.cgi has been reported vulnerable. However, Nessus has not checked for this.
last seen	2020-06-01
modified	2020-06-02
plugin id	11602
published	2003-05-08
reporter	This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/11602
title	HappyMall Multiple Script Arbitrary Command Execution
code	# # (C) Tenable Network Security, Inc. # # Ref: https://seclists.org/vulnwatch/2003/q2/60 include("compat.inc"); if(description) { script_id(11602); script_version ("1.23"); script_cve_id("CVE-2003-0243"); script_bugtraq_id(7529, 7530); script_name(english:"HappyMall Multiple Script Arbitrary Command Execution"); script_set_attribute(attribute:"synopsis", value: "The remote host is running the HappyMall E-Commerce CGI suite." ); script_set_attribute(attribute:"description", value: "There is a flaw HappyMall that could allow an attacker to execute arbitrary commands with the privileges of the HTTP daemon (typically root or nobody), by making a request like : /shop/normal_html.cgi?file=\|id\| In addition, member_html.cgi has been reported vulnerable. However, Nessus has not checked for this." ); script_set_attribute(attribute:"see_also", value:"https://seclists.org/vulnwatch/2003/q2/60" ); script_set_attribute(attribute:"solution", value: "Upgrade to the newest version of this CGI" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value: "2003/05/08"); script_set_attribute(attribute:"vuln_publication_date", value: "2003/05/03"); script_cvs_date("Date: 2018/11/15 20:50:17"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_summary(english:"Checks for HappyMall"); script_category(ACT_ATTACK); script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc."); script_family(english:"CGI abuses"); script_dependencie("http_version.nasl"); script_exclude_keys("Settings/disable_cgi_scanning"); script_require_ports("Services/www", 80); exit(0); } include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); http_check_remote_code ( extra_dirs:make_list("/shop"), check_request:"/normal_html.cgi?file=\|id\|", check_result:"uid=[0-9]+.gid=[0-9]+.", command:"id" );

Packetstorm

data source	https://packetstormsecurity.com/files/download/31114/unhappycgi.txt
id	PACKETSTORM:31114
last seen	2016-12-05
published	2003-05-09
reporter	revin aldi
source	https://packetstormsecurity.com/files/31114/unhappycgi.txt.html
title	unhappycgi.txt

Summary

Vulnerable Configurations

Exploit-Db

Nessus

Packetstorm

References