Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-1999-1053

Published: 13/09/1999 Updated: 05/09/2008
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Http Server

Vulnerability Summary

guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote malicious users to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server 1.3.9

matt wright matt wright guestbook 2.3

Exploits

Exploit DB: The Matt Wright Guestbook.pl - Arbitrary Command Execution (Metasploit)
## # $Id: guestbook_ssi_execrb 9671 2010-07-03 06:21:31Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' c ...
Exploit DB: The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include
## # $Id$ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class Metasploit3 &lt; Msf::Exploit::Remote include Msf ...

Github Repositories

https://github.com/siunam321/CVE-1999-1053-PoC

CVE-1999-1053 Proof-of-Concept Exploit

CVE-1999-1053 Proof-of-Concept Exploit Background This Proof-of-Concept(PoC) exploit is inspired from a CTF web challenge called CVE 1999 in HKCERT CTF 2022 (Writeup link) Information Description: In Matt Wright Guestbook &lt;= 231, there is a Server-Side Include injection vulnerability that allows unauthenticated user to execute arbitrary code Original author: Patrick

References

NVD-CWE-Otherhttp://www.securityfocus.com/archive/82/27296http://www.securityfocus.com/archive/82/27560http://www.securityfocus.com/archive/1/33674http://www.securityfocus.com/bid/776https://nvd.nist.govhttps://github.com/siunam321/CVE-1999-1053-PoChttps://www.exploit-db.com/exploits/16914/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook