Bash Shellshock Remote Command Injection (CVE-2014-6271)

Build and run the vulnerable environment:

docker compose build
docker compose up -d

When you visit http://your-ip/ you should see two files:

safe.cgi is the page generated by the latest version of bash, and victim.cgi is the page generated by bash 4.3, which is vulnerable to Shellshock.

We can include our payload in the User-Agent string when visiting victim.cgi, and the command is executed successfully:

The same request sent to safe.cgi is unaffected:
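
For the defender's side of the requests described above, here is an added example (not part of the original page or of the environment it builds) that scans web-server access logs for the function-definition prefix `() {` arriving in header fields. It assumes the server writes Combined Log Format; the log lines, addresses and function names are constructed for illustration.

```python
import re

# Assumed format (Combined Log Format):
# ip ident user [time] "request" status size "referer" "user-agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED + '$'
)

# Vulnerable bash imports an environment value as a function when it begins
# with the four characters "() {", and CGI copies request headers into the
# environment. The pattern is slightly looser than that exact check so that
# malformed probes are flagged as well.
FUNC_PREFIX_RE = re.compile(r'^\s*\(\)\s*\{')

def find_shellshock_attempts(lines):
    """Return one finding per logged header field that starts like a bash function."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not Combined Log Format, skip rather than guess
        ip, request, status, referer, agent = m.groups()
        parts = request.split()
        path = parts[1] if len(parts) > 1 else request
        for field, value in (("referer", referer), ("agent", agent)):
            if FUNC_PREFIX_RE.match(value):
                findings.append({"line": lineno, "ip": ip, "path": path,
                                 "status": int(status), "field": field})
    return findings

# Constructed sample log lines (documentation address ranges, harmless marker).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /victim.cgi HTTP/1.1" 200 52 "-" "() { :; }; echo constructed-marker"',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /safe.cgi HTTP/1.1" 200 31 "-" "() { :; }; echo constructed-marker"',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /victim.cgi HTTP/1.1" 200 31 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.9 - - [01/Jan/2024:10:02:00 +0000] "GET /victim.cgi HTTP/1.1" 200 31 "() { :; }; echo constructed-marker" "curl/8.0"',
]

if __name__ == "__main__":
    for hit in find_shellshock_attempts(SAMPLE_LOG):
        print("line {line}: {ip} -> {path} ({status}) via {field}".format(**hit))
```

A hit records an attempt, not a successful execution: the request to safe.cgi is flagged too, even though the patched bash ignores it, and the status code is the same in both cases.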