CVE-2002-0922

CGIScript.net csNews.cgi - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0922. PoCs published by Steve Gustin.

AI-analyzed exploit summary The exploit describes an authentication bypass vulnerability in csNews CGI script where double URL-encoded metacharacters allow unauthorized access to administrative pages. No actual exploit code is provided, only example URLs demonstrating the vulnerability.

Description

CGIScript.net csNews.cgi allows remote attackers to obtain database files via a direct URL-encoded request to (1) default%2edb or (2) default%2edb.style, or remote authenticated users to perform administrative actions via (3) a database parameter set to default%2edb.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Steve Gustin · textwebappscgi

https://www.exploit-db.com/exploits/21532

View Code ZIP pw:eip

The exploit describes an authentication bypass vulnerability in csNews CGI script where double URL-encoded metacharacters allow unauthorized access to administrative pages. No actual exploit code is provided, only example URLs demonstrating the vulnerability.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Theoretical

Target: csNews (version not specified)

No auth needed

Prerequisites: Access to the csNews.cgi script

MITRE ATT&CK