CVE-2014-6271 PoC — GNU Bash 远程代码执行漏洞

Source

https://github.com/ryeyao/CVE-2014-6271_Test

Associated Vulnerability

Title:GNU Bash 远程代码执行漏洞 (CVE-2014-6271)
Description:GNU Bash是美国软件开发者布莱恩-福克斯（Brian J. Fox）为GNU计划而编写的一个Shell（命令语言解释器），它运行于类Unix操作系统中（Linux系统的默认Shell），并能够从标准输入设备或文件中读取、执行命令，同时也结合了一部分ksh和csh的特点。 GNU Bash 4.3及之前版本中存在安全漏洞，该漏洞源于程序没有正确处理环境变量值内的函数定义。远程攻击者可借助特制的环境变量利用该漏洞执行任意代码。以下产品和模块可能会被利用：OpenSSH sshd中的ForceComman

Readme

CVE-2014-6271_Test
==================

### CVE-2014-6271_Test

Obviously, this project is used to check if a server with cgi enabled is affected with CVE-2014-6271(aka shellshock).
    
### Dependency

Need GoogleSearchCrawler.

### Usage
* eg:  

            python exp.py -g www.google.com   

    This will test urls collected from google search result with keyword in file `keywords`.   

* run   

            python exp.py

    to see details.

File Snapshot


 [4.0K]  /data/pocs/dbe2eba1a729534ce26072d9d28b2757f3f66596
├── [6.5K]  exp.py
├── [4.0K]  GoogleSearchCrawler
├── [  35]  keywords
├── [ 450]  README.md
└── [ 767]  targets_google

1 directory, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!