CVE-2014-6271 PoC — GNU Bash 远程代码执行漏洞

Title:GNU Bash 远程代码执行漏洞 (CVE-2014-6271)
Description:GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

A script, in C, to check if CGI scripts are vulnerable to CVE-2014-6271 (The Bash Bug).

ShellShock-CGI-Scan
===================

A script, in C, to check if CGI scripts are vulnerable to CVE-2014-6271 (The Bash Bug).

Options:

	-i (local ip-address)
	
	-p (port to listen)
	
	-l (site list)
	
	-t (connection timeout) (Default: 15s)

Example:
  $ ./Scanner -i 127.0.0.1 -p 31337 -l sites.txt -t 5

  Starting listen in localhost on port 31337, scan sites in file 'sites.txt', and set connection timeout to 5 seconds.

Preview:

![alt tag](https://dl.dropboxusercontent.com/u/53811115/mmxm.png)

 [4.0K]  /data/pocs/061899fcb604131918c7cc5493d2cd0c2ae161b0
├── [4.4K]  CVE-2014-6271.c
├── [1.1K]  license.txt
├── [ 507]  README.md
└── [ 13K]  Scanner

0 directories, 4 files