Exploitation Summary
EIP tracks 1 public exploit for CVE-2000-0941. PoCs published by Mark Stratman.
AI-analyzed exploit summary The exploit demonstrates a command injection vulnerability in Kootenay Web Inc's Whois (v1.9) due to improper input sanitization. By injecting shell metacharacters (e.g., ";id") into the 'whois' parameter, an attacker can execute arbitrary commands with the privileges of the webserver.
Description
Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter.
Exploits (1)
The exploit demonstrates a command injection vulnerability in Kootenay Web Inc's Whois (v1.9) due to improper input sanitization. By injecting shell metacharacters (e.g., ";id") into the 'whois' parameter, an attacker can execute arbitrary commands with the privileges of the webserver.