CVE-2005-2777

Looking Glass 20040427 - Remote Command Execution via DNS Lookup Query Field

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2777. PoCs published by rgod.

AI-analyzed exploit summary This PHP script exploits CVE-2005-2777 in Looking Glass v20040427 by injecting arbitrary commands via the '|' character in a URI parameter, leading to remote command execution. The exploit sends a crafted POST request to the vulnerable endpoint and displays the output.

Description

Looking Glass 20040427 allows remote attackers to execute arbitrary commands via shell metacharacters in the DNS lookup query field.

Exploits (1)

exploitdb WORKING POC VERIFIED
by rgod · phpwebappsphp
https://www.exploit-db.com/exploits/26203

This PHP script exploits CVE-2005-2777 in Looking Glass v20040427 by injecting arbitrary commands via the '|' character in a URI parameter, leading to remote command execution. The exploit sends a crafted POST request to the vulnerable endpoint and displays the output.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Looking Glass v20040427
No auth needed
Prerequisites: Network access to the vulnerable Looking Glass instance · PHP environment to run the exploit script
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16607/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/22045
Various Sources x_refsource_confirm
http://de-neef.net/articles.php?id=2&page=2
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14682
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112516327607001&w=2

Scores

EPSS 0.1219
EPSS Percentile 95.6%

Details

Status published
Products (1)
looking_glass/looking_glass 2004-04-27
Published Sep 02, 2005
Tracked Since Feb 18, 2026