CVE-2002-1489

PlanetDNS PlanetWeb < 1.14 - Remote Code Execution via Long URL or Method Name

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1489. PoCs published by UkR-XblP.

AI-analyzed exploit summary This Perl script exploits a buffer overflow vulnerability in PlanetWeb web server by sending a maliciously crafted GET request with a 1024-byte URL. The overflow may allow remote code execution in the context of the web server process.

Description

Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long URL or (2) a request with a long method name.

Exploits (1)

exploitdb WORKING POC VERIFIED

by UkR-XblP · perldoswindows

https://www.exploit-db.com/exploits/21795

View Code ZIP pw:eip

This Perl script exploits a buffer overflow vulnerability in PlanetWeb web server by sending a maliciously crafted GET request with a 1024-byte URL. The overflow may allow remote code execution in the context of the web server process.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: PlanetWeb (version unspecified)

No auth needed

Prerequisites: Network access to the target web server · PlanetWeb server running on port 80

MITRE ATT&CK