CVE-2000-0177
dnstools < 1.0.8 - Remote Command Execution via Shell Metacharacters
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2000-0177. PoCs published by Jonathan Leto.
AI-analyzed exploit summary The exploit describes a command injection vulnerability in DNSTools 1.0.8 due to lack of input validation in CGI parameters. The writeup explains how arbitrary commands can be executed via manipulated POST variables in the system() call.
Description
DNSTools CGI applications allow remote attackers to execute arbitrary commands via shell metacharacters.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Jonathan Leto · textremotecgi
https://www.exploit-db.com/exploits/19786
The exploit describes a command injection vulnerability in DNSTools 1.0.8 due to lack of input validation in CGI parameters. The writeup explains how arbitrary commands can be executed via manipulated POST variables in the system() call.
Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:
DNSTools 1.0.8
No auth needed
Prerequisites:
Access to the vulnerable CGI script
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/1028
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-03/0000.html
Scores
EPSS
0.0992
EPSS Percentile
95.0%
Details
Status
published
Products (1)
dnstools_software/dnstools
< 1.0.8
Published
Mar 02, 2000
Tracked Since
Feb 18, 2026