cbcvebase.
CVE-2009-1916
published 2009-06-04

CVE-2009-1916: dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the ns parameter.

PriorityP263critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
10.30%
95.1th percentile
dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the ns parameter.

Detection & IOCsextracted from sources · hover to see the quote

pathdig.php
urlhttp://127.0.0.1/dig.php?ns=||COMMAND HERE||&host=mortal-team.net&query_type=NS&status=digging
urlhttp://127.0.0.1/dig.php?ns=||whoami||&host=mortal-team.net&query_type=NS&status=digging
  • Detect unsanitized 'ns' GET parameter in dig.php containing shell metacharacters (e.g., '||') used to inject OS commands into a system() call.
  • Look for HTTP requests to dig.php where the 'ns' parameter contains '||' pipe sequences wrapping arbitrary OS commands, indicating exploitation of the RCE vulnerability.
  • Monitor for process spawning from a web server process (e.g., Apache/PHP) invoking 'dig' with unexpected arguments or additional shell commands chained via '||' metacharacters.
  • ·The vulnerable parameter is directly interpolated into a system() shell call with no sanitization; any deployment of dig.php from GScripts.net DNS Tools (PHP Digger) is affected regardless of server configuration.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.