CVE-2010-2626

Miyabi CGI Tools SEO Links 1.02 - Remote Command Execution via fn Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2626. PoCs published by Marshall Whittaker.

AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in Miyabi CGI Tools 1.02 by injecting arbitrary commands via the 'fn' parameter in the URL. The PoC uses 'uname -a' to show command execution, but other commands could be injected similarly.

Description

index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to execute arbitrary commands via shell metacharacters in the fn command. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Marshall Whittaker · textwebappscgi

https://www.exploit-db.com/exploits/34223

View Code ZIP pw:eip

This exploit demonstrates a command injection vulnerability in Miyabi CGI Tools 1.02 by injecting arbitrary commands via the 'fn' parameter in the URL. The PoC uses 'uname -a' to show command execution, but other commands could be injected similarly.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Miyabi CGI Tools 1.02

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK