CVE-2014-6271 PoC — GNU Bash 远程代码执行漏洞

Source

Associated Vulnerability

Title:GNU Bash 远程代码执行漏洞 (CVE-2014-6271)
Description:GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

Description

shellshock CVE-2014-6271 CGI Exploit,  Use like Openssh via CGI

Readme

CGIShell
========

* [shellshock](https://shellshocker.net/)
* CVE-2014-6271 CGI Exploit
* Use like OpenSSH via CGI Page

Use
===

`python cgishell.py 'http://www.google.com/cve-2014-6271/poc.cgi'`


Screenshot
==========

![Success](http://i.v2ex.co/5sVSEz4Yl.png "")

Dependence
==========

* Windows needed `pyreadline`
* It is not needed `chardet`

Future
======

* Add TestCase
* HTTP Login Support
* http transmission gzip compression
* chardet identify and decode
* any bug fix

Issues
======

* Windows Untest

File Snapshot


 [4.0K]  /data/pocs/a64f8fbf262a6b0541efe184a82224898422a194
├── [1.3K]  LICENSE
├── [ 518]  README.md
├── [  31]  requirements.txt
└── [4.0K]  src
    └── [4.0K]  cgishell.py

1 directory, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!