CVE-1999-1053

Apache HTTP Server - Remote Command Execution via SSI Closing Sequence Bypass


Exploitation Summary

EIP tracks 4 public exploits for CVE-1999-1053. PoCs published by Metasploit, patrick, siunam321, including Metasploit module exploits/unix/webapp/guestbook_ssi_exec.

AI-analyzed exploit summary: This Metasploit module exploits a command execution vulnerability in Matt Wright guestbook.pl by leveraging Server-Side Include (SSI) execution in the guestbook.html output. It requires HTML posting to be enabled and SSI support for .html files on the server.

Description

guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".

Exploits (4)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · webapps · cgi
https://www.exploit-db.com/exploits/16914

This Metasploit module exploits a command execution vulnerability in Matt Wright guestbook.pl by leveraging Server-Side Include (SSI) execution in the guestbook.html output. It requires HTML posting to be enabled and SSI support for .html files on the server.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Matt Wright guestbook.pl <= v2.3.1
No auth needed
Prerequisites: HTML posting enabled in guestbook.pl · SSI enabled for .html files on the server
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by patrick · ruby · webapps · cgi
https://www.exploit-db.com/exploits/9907

This Metasploit module exploits a command injection vulnerability in Matt Wright guestbook.pl (CVE-1999-1053) by leveraging Server-Side Include (SSI) execution in the guestbook.html output. It sends a crafted POST request with a malicious SSI directive in the comments field, then triggers execution by accessing the output file.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Matt Wright guestbook.pl <= v2.3.1
No auth needed
Prerequisites: HTML posting enabled in guestbook.pl · SSI enabled for .html files on the server
devstral-2 · analyzed Feb 16, 2026

nomisec · WORKING POC · 1 star
by siunam321 · poc
https://github.com/siunam321/CVE-1999-1053-PoC

This repository contains a functional Python script that exploits CVE-1999-1053, a Server-Side Include (SSI) injection vulnerability in Matt Wright Guestbook <= 2.3.1. The script sends a crafted POST request to inject SSI directives, which are then executed when the guestbook.html page is accessed.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Matt Wright Guestbook <= 2.3.1
No auth needed
Prerequisites: HTML posting enabled in guestbook.pl · Server-Side Include (SSI) script handler enabled for .html files
devstral-2 · analyzed Feb 18, 2026

metasploit · WORKING POC · EXCELLENT
by aushack · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/guestbook_ssi_exec.rb

This Metasploit module exploits a command execution vulnerability in Matt Wright guestbook.pl (CVE-1999-1053) by injecting SSI directives into the guestbook comments field, requiring HTML posting and SSI support on the server. The exploit sends a crafted POST request to execute arbitrary commands via the SSI exec directive.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Matt Wright guestbook.pl <= v2.3.1
No auth needed
Prerequisites: HTML posting enabled in guestbook.pl · Server-Side Include (SSI) enabled for .html files
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Vendor Advisory mailing-list x_refsource_vuln-dev
http://www.securityfocus.com/archive/82/27296
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/776
Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/33674
Vendor Advisory mailing-list x_refsource_vuln-dev
http://www.securityfocus.com/archive/82/27560

Scores

EPSS 0.8520
EPSS Percentile 99.7%

Details

Status published
Products (2)
apache/http_server 1.3.9
matt_wright/matt_wright_guestbook 2.3
Published Sep 13, 1999
Tracked Since Feb 18, 2026