CVE-2009-1916
published 2009-06-04CVE-2009-1916: dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the ns parameter.
PriorityP263critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
10.30%
95.1th percentile
dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the ns parameter.
Detection & IOCsextracted from sources · hover to see the quote
- →Detect unsanitized 'ns' GET parameter in dig.php containing shell metacharacters (e.g., '||') used to inject OS commands into a system() call. ↗
- →Look for HTTP requests to dig.php where the 'ns' parameter contains '||' pipe sequences wrapping arbitrary OS commands, indicating exploitation of the RCE vulnerability. ↗
- →Monitor for process spawning from a web server process (e.g., Apache/PHP) invoking 'dig' with unexpected arguments or additional shell commands chained via '||' metacharacters. ↗
- ·The vulnerable parameter is directly interpolated into a system() shell call with no sanitization; any deployment of dig.php from GScripts.net DNS Tools (PHP Digger) is affected regardless of server configuration. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2009-06-04
Published