CVE-2000-0287
cnc technology_bizdb - OS Command Injection via bizdb-search.cgi dbname Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2000-0287. PoCs published by PErfecto Technology.
AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in BizDB's bizdb-search.cgi script. The 'dbname' parameter is passed to an unchecked open() call, allowing arbitrary command execution via semicolon-separated commands. Exploitation requires a valid HTTP Referer header, which can be spoofed using tools like netcat.
Description
The BizDB CGI script bizdb-search.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the dbname parameter.
Exploits (1)
This exploit demonstrates a command injection vulnerability in BizDB's bizdb-search.cgi script. The 'dbname' parameter is passed to an unchecked open() call, allowing arbitrary command execution via semicolon-separated commands. Exploitation requires a valid HTTP Referer header, which can be spoofed using tools like netcat.