Exploitation Summary
EIP tracks 1 public exploit for CVE-1999-0146. PoCs published by Francisco Torres.
AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in the Campas CGI script (version 1.2) shipped with older NCSA HTTPd versions. The script fails to sanitize user input, allowing arbitrary command execution via %0a (linefeed) characters.
Description
The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file.
Exploits (1)
This exploit demonstrates a command injection vulnerability in the Campas CGI script (version 1.2) shipped with older NCSA HTTPd versions. The script fails to sanitize user input, allowing arbitrary command execution via %0a (linefeed) characters.