Vulnerabilities > CVE-2005-1950 - Remote Command Execution vulnerability in Darryl Burgdorf Webhints 1.3

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

darryl-burgdorf

nessus

exploit available

NVD

Published: 2005-06-09

Updated: 2016-10-18

Summary

hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.

Vulnerable Configurations

Part	Description	Count
Application	Darryl_Burgdorf Darryl Burgdorf Webhints 1.3	1

Exploit-Db

description	Webhints <= 1.03 Remote Command Execution Exploit (perl code) (1). CVE-2005-1950. Webapps exploit for cgi platform
id	EDB-ID:1039
last seen	2016-01-31
modified	2005-06-11
published	2005-06-11
reporter	Alpha_Programmer
source	https://www.exploit-db.com/download/1039/
title	Webhints <= 1.03 - Remote Command Execution Exploit perl code 1

Nessus

NASL family	CGI abuses
NASL id	WEBHINTS_REMOTE_CMD_EXEC.NASL
description	The remote host is running the WebHints scripts. This version of WebHints has a remote command execution vulnerability in hints.pl. A remote attacker could exploit this to execute arbitrary commands on the system.
last seen	2020-06-01
modified	2020-06-02
plugin id	18478
published	2005-06-13
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18478
title	WebHints hints.pl Arbitrary Command Execution
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if(description) { script_id(18478); script_version("1.20"); script_cve_id("CVE-2005-1950"); script_bugtraq_id(13930); script_name(english:"WebHints hints.pl Arbitrary Command Execution"); script_set_attribute( attribute:"synopsis", value: "A web application on the remote host has a command execution vulnerability." ); script_set_attribute( attribute:"description", value: "The remote host is running the WebHints scripts. This version of WebHints has a remote command execution vulnerability in hints.pl. A remote attacker could exploit this to execute arbitrary commands on the system." ); script_set_attribute( attribute:"see_also", value:"https://seclists.org/bugtraq/2005/Jun/73" ); script_set_attribute( attribute:"solution", value: "There is no known solution at this time. Remove this script from the web server." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:U/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value: "2005/06/13"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/06/09"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_end_attributes(); script_summary(english:"Checks for WebHints remote command execution flaw"); script_category(ACT_ATTACK); script_copyright(english:"This script is Copyright (C) 2005-2020 Tenable Network Security, Inc."); script_family(english:"CGI abuses"); script_dependencie("find_service1.nasl", "http_version.nasl"); script_exclude_keys("Settings/disable_cgi_scanning"); script_require_ports("Services/www", 80); exit(0); } include("http_func.inc"); include("http_keepalive.inc"); http_check_remote_code_ka ( check_request:"/hints.pl?\|id\|", extra_check:"WebHints [0-9]+\.[0-9]+</A></SMALL></P></CENTER>", check_result:"uid=[0-9]+.gid=[0-9]+.", command:"id" );

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References