try it with DHCP instead https://www.trustedsec.com/september-2014/shellshock-dhcp-rce-proof-concept/
On Sat, Sep 27, 2014 at 11:36 AM, boazg <boaz.ge...@gmail.com> wrote: > you need to find a vulnerable site. CGI doesn't have to pass through bash. > you need a site that opens a subshell for something. they aren't uncommon, > but it's not every linux-CGI site. > > On Fri, Sep 26, 2014 at 2:33 PM, Eli Billauer <e...@billauer.co.il> wrote: > >> Hi, >> >> I did >> >> # yum upgrade bash >> >> on Haifux' server, and it's off the hook. But I was also surprised that >> it the attack failed even before that. >> >> Eli >> >> >> On 26/09/14 12:39, guy keren wrote: >> >>> On 09/26/2014 12:30 PM, Eli Billauer wrote: >>> >>>> env x='() { :;}; echo vulnerable' bash -c 'echo This is a test' >>>> >>> >>> you're too late - there's a (partial?) fix being distributed around... >>> >>> --guy >>> _______________________________________________ >>> Haifux mailing list >>> Haifux@haifux.org >>> http://haifux.org/mailman/listinfo/haifux >>> >>> >> >> -- >> Web: http://www.billauer.co.il >> >> >> _______________________________________________ >> Haifux mailing list >> Haifux@haifux.org >> http://haifux.org/mailman/listinfo/haifux >> > >
_______________________________________________ Haifux mailing list Haifux@haifux.org http://haifux.org/mailman/listinfo/haifux