CVE-2000-0941

Kootenay Web KW Whois 1.0 - Command Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0941. PoCs published by Mark Stratman.

AI-analyzed exploit summary The exploit demonstrates a command injection vulnerability in Kootenay Web Inc's Whois (v1.9) due to improper input sanitization. By injecting shell metacharacters (e.g., ";id") into the 'whois' parameter, an attacker can execute arbitrary commands with the privileges of the webserver.

Description

Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Mark Stratman · textremotecgi
https://www.exploit-db.com/exploits/20370

The exploit demonstrates a command injection vulnerability in Kootenay Web Inc's Whois (v1.9) due to improper input sanitization. By injecting shell metacharacters (e.g., ";id") into the 'whois' parameter, an attacker can execute arbitrary commands with the privileges of the webserver.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Kootenay Web Inc's Whois v1.9
No auth needed
Prerequisites: Access to the vulnerable web interface
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1883
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5438
Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-10/0420.html
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-10/0419.html
Various Sources x_refsource_misc
http://www.kootenayweb.bc.ca/scripts/whois.txt

Scores

EPSS 0.1346
EPSS Percentile 96.0%

Details

Status published
Products (1)
kootenay_web_inc/kootenay_web_inc_whois 1.0
Published Dec 19, 2000
Tracked Since Feb 18, 2026