Published: 13/01/2015 Updated: 07/11/2023

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6271. Reason: This candidate is a duplicate of CVE-2014-6271. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-6271 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

Exploit Database Note: The following is an excerpt from: securityblogredhatcom/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ Like “real” programming languages, Bash has functions, though in a somewhat limited implementation, and it is possible to put these bash functions into environment variables Th ...

require 'msf/core' class Metasploit3 < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'bashedCgi', 'Description' => %q{ Quick & dirty module to send the BASH ex ...

# Exploit Title: Kemp Load Master - Multiple Vulnerabilities (RCE, CSRF, XSS, DoS) # Date: 01 April 2015 # Author: Roberto Suggi Liverani # Software Link: kemptechnologiescom/load-balancer/ # Version: 7116 and previous versions # Tested on: Kemp Load Master 71-16 # CVE : CVE-2014-5287/5288 Link: blogmalerischnet/2015/04/playing ...

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit4 < Msf::Exploit::Remote Rank = GoodRanking include Msf::Exploit::Remote::HttpClient def initialize(info = {}) super(update_info(info, 'Name' => 'CUPS Fi ...

#!/usr/bin/env python # # Exploit Title : IPFire <= 215 core 82 Authenticated cgi Remote Command Injection (ShellShock) # # Exploit Author : Claudio Viviani # # Vendor Homepage : wwwipfireorg # # Software Link: downloadsipfireorg/releases/ipfire-2x/215-core82/ipfire-215i586-full-core82iso # # Date : 2014-09-29 # # Fixed v ...

#!/usr/bin/python # Exploit Title: dhclient shellshocker # Google Dork: n/a # Date: 10/1/14 # Exploit Author: @0x00string # Vendor Homepage: gnuorg # Software Link: ftpgnuorg/gnu/bash/bash-43targz # Version: 4311 # Tested on: Ubuntu 14041 # CVE : CVE-2014-6277,CVE-2014-6278,CVE-2014-7169,CVE-2014-7186,CVE-2014-7187 # ______ ...

## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE def initialize(info = {}) super(update_info ...

# Exploit Title: QNAP Web server remote code execution via Bash Environment Variable Code Injection # Date: 7 February 2015 # Exploit Author: Patrick Pellegrino | 0x700x700x650x6c0x6c0x650x670x720x690x6e0x6f@securegroupit [work] / 0x640x330x760x620x700x70@gmailcom [other] # Employer homepage: wwwsecuregroupit # Vendor homepage: ww ...

# Exploit Title: PHP 5x Shellshock Exploit (bypass disable_functions) # Google Dork: none # Date: 10/31/2014 # Exploit Author: Ryan King (Starfall) # Vendor Homepage: phpnet # Software Link: phpnet/get/php-562tarbz2/from/a/mirror # Version: 5* (tested on 562) # Tested on: Debian 7 and CentOS 5 and 6 # CVE: CVE-2014-6271 < ...

## # This module requires Metasploit: http//metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit4 < Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Ftp include Msf::Exploit::CmdStager def initialize(info = {}) super(update_info(i ...

# Exploit Title: ShellShock OpenVPN Exploit # Date: Fri Oct 3 15:48:08 EDT 2014 # Exploit Author: hobbily AKA @fj33r # Version: 2229 # Tested on: Debian Linux # CVE : CVE-2014-6271 #Probably should of submitted this the day I tweeted it ### serverconf port 1194 proto udp dev tun client-cert-not-required auth-user-pass-verify /etc/openvpn ...

#!/bin/python # Exploit Title: Shellshock SMTP Exploit # Date: 10/3/2014 # Exploit Author: fattymcwopr # Vendor Homepage: gnuorg # Software Link: ftpgnuorg/gnu/bash/ # Version: 42x < 4248 # Tested on: Debian 7 (postfix smtp server w/procmail) # CVE : 2014-6271 from socket import * import sys def usage(): print "shellshock_sm ...

# Exploit Title: QNAP admin shell via Bash Environment Variable Code Injection # Date: 7 February 2015 # Exploit Author: Patrick Pellegrino | 0x700x700x650x6c0x6c0x650x670x720x690x6e0x6f@securegroupit [work] / 0x640x330x760x620x700x70@gmailcom [other] # Employer homepage: wwwsecuregroupit # Vendor homepage: wwwqnapcom # Version: ...

<?php /* Title: Bash Specially-crafted Environment Variables Code Injection Vulnerability CVE: 2014-6271 Vendor Homepage: wwwgnuorg/software/bash/ Author: Prakhar Prasad && Subho Halder Author Homepage: prakharprasadcom && appknoxcom Date: September 25th 2014 Tested on: Mac OS X 1094/1095 with Apac ...

https://nvd.nist.gov https://www.exploit-db.com/exploits/34765/

Get Started

CVE-2014-62771

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect