CVE-2014-6271 PoC — GNU Bash 远程代码执行漏洞

Source

https://github.com/ryeyao/CVE-2014-6271_Test

Associated Vulnerability

Title:GNU Bash 远程代码执行漏洞 (CVE-2014-6271)
Description:GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

Readme

CVE-2014-6271_Test
==================

### CVE-2014-6271_Test

Obviously, this project is used to check if a server with cgi enabled is affected with CVE-2014-6271(aka shellshock).
    
### Dependency

Need GoogleSearchCrawler.

### Usage
* eg:  

            python exp.py -g www.google.com   

    This will test urls collected from google search result with keyword in file `keywords`.   

* run   

            python exp.py

    to see details.

File Snapshot


 [4.0K]  /data/pocs/dbe2eba1a729534ce26072d9d28b2757f3f66596
├── [6.5K]  exp.py
├── [4.0K]  GoogleSearchCrawler
├── [  35]  keywords
├── [ 450]  README.md
└── [ 767]  targets_google

1 directory, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!