CVE-2006-0628

Dale Ray MyQuiz 1.01 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0628. PoCs published by Hessam-x.

AI-analyzed exploit summary This Perl script exploits a command injection vulnerability in MyQuiz by appending arbitrary commands to the URL path. It uses LWP::Simple to send HTTP requests to the target, executing the provided command.

Description

myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute arbitrary commands via shell metacharacters in the URL, which are not properly handled as part of the PATH_INFO environment variable.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Hessam-x · perlwebappscgi

https://www.exploit-db.com/exploits/1471

View Code ZIP pw:eip

This Perl script exploits a command injection vulnerability in MyQuiz by appending arbitrary commands to the URL path. It uses LWP::Simple to send HTTP requests to the target, executing the provided command.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: MyQuiz (version not specified)

No auth needed

Prerequisites: Target with vulnerable MyQuiz installation · Network access to the target

MITRE ATT&CK