Description
Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Mark Stratman · textremotecgi
https://www.exploit-db.com/exploits/20370
References (5)
Core 5
Core References
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/1883
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5438
Patch, Vendor Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-10/0420.html
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-10/0419.html
Various Sources x_refsource_misc
http://www.kootenayweb.bc.ca/scripts/whois.txt
Scores
EPSS
0.1346
EPSS Percentile
94.3%
Details
Status
published
Products (1)
kootenay_web_inc/kootenay_web_inc_whois
1.0
Published
Dec 19, 2000
Tracked Since
Feb 18, 2026