Shellshock Attack (CGI Vector)

What is that CGI — Common Gateway Interface?

Theoretically:

Technically:

How it works?

/cgi-bin/

bash — Environment Variable Intro

Function Syntax

func() {
echo "FOO"
}
IN ONE LINE:
func_one() { echo "FOO"; }
func_two() { /bin/cat /etc/passwd; }

Environment Variable

#Create a shell variable within our current session:
MY_VAR="Hi There"
# Then export the variable, so the child shell can use it:
export MY_VAR
#Create a shell function:
func () { echo "Hello world"; }
#Create a shell function that returns nothing:
func () { :; }
#Export the function properly (it'll be important in the future):
export -f func

Shellshock CGI Attack — What is all about?

What do you mean: “save environment variables in incorrect way”

#Example:
MY_VAR='() { :; }; echo Vulnerable' bash -c 'echo "Start A new child shell"'

CGI + Save environment variables = Shellshock

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store