module
Apache mod_cgi Bash Environment Variable Injection (Shellshock) Scanner
| Disclosed |
|---|
| Sep 24, 2014 |
Disclosed
Sep 24, 2014
Description
This module scans for the Shellshock vulnerability, a flaw in how the Bash shell
handles external environment variables. This module targets CGI scripts in the
Apache web server by setting the HTTP_USER_AGENT environment variable to a
malicious function definition.
PROTIP: Use exploit/multi/handler with a PAYLOAD appropriate to your
CMD, set ExitOnSession false, run -j, and then run this module to create
sessions on vulnerable hosts.
Note that this is not the recommended method for obtaining shells.
If you require sessions, please use the apache_mod_cgi_bash_env_exec
exploit module instead.
handles external environment variables. This module targets CGI scripts in the
Apache web server by setting the HTTP_USER_AGENT environment variable to a
malicious function definition.
PROTIP: Use exploit/multi/handler with a PAYLOAD appropriate to your
CMD, set ExitOnSession false, run -j, and then run this module to create
sessions on vulnerable hosts.
Note that this is not the recommended method for obtaining shells.
If you require sessions, please use the apache_mod_cgi_bash_env_exec
exploit module instead.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.