aaronxu/vulhub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
vulhub/bash/CVE-2014-6271/README.md
Aaron 63285f61aa
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Details
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Details
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Details
Vulhub Docker Image CI / images-test (push) Has been cancelled
Details
first commit
2025-09-06 16:08:15 +08:00

26 lines
625 B
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Bash Shellshock Remote Command Injection (CVE-2014-6271)
[中文版本(Chinese version)](README.zh-cn.md)
Build and run the vulnerable environment
```
docker compose build
docker compose up -d
```
When you visit `http://your-ip/` you should see two files:
- safe.cgi
- victim.cgi
safe.cgi generated by the latest version of bash, and victim.cgi is the page generated by bash4.3 which is vulnerable to shellshock.
We can send include our payload in the user-agent string when visiting victim.cgi and the command is executed successfully:
![](1.png)
The same request sent to safe.cgi is unaffected:
![](2.png)
Reference in New Issue View Git Blame Copy Permalink