Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2014-6271 PoC — GNU Bash 远程代码执行漏洞

Source
https://github.com/gabemarshall/shocknaww
Associated Vulnerability
Title:GNU Bash 远程代码执行漏洞 (CVE-2014-6271)
Description:GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
Description
Simple script to check for CVE-2014-6271
Readme
shocknaww
=========

Simple script to check for CVE-2014-6271

### Example Usage

```
./shocknaww.py http://foo.bar/cgi-bin/foo
```

### Sample vulnerable environment

From the parent directory, run the following.

```
python -m CGIHTTPServer
```

Now use shocknaww against your localhost test server.

```
./shocknaww.py http://127.0.0.1:8000/test.py
```
File Snapshot

 [4.0K]  /data/pocs/b6b50330a6cc133de9f925bc8983f3012de2f733
├── [4.0K]  cgi-bin
│   └── [  64]  test.py
├── [ 356]  README.md
└── [1.1K]  shocknaww.py

1 directory, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →