CVE-2014-3659

This exploit leverages the Shellshock vulnerability (CVE-2014-6271) in Bash to bypass PHP's disable_functions directive and execute arbitrary commands. It uses the mail() function with a crafted environment variable to trigger the vulnerability and capture command output.

This is a detailed technical writeup discussing multiple vulnerabilities in Kemp Load Master, including RCE, CSRF, XSS, and DoS. It provides specific attack vectors, code snippets, and exploitation techniques, demonstrating a deep understanding of the vulnerabilities.

This Metasploit module exploits the Shellshock vulnerability (CVE-2014-6271) in Pure-FTPd when configured to use external authentication. It injects malicious environment variables via FTP login to achieve remote code execution.

This exploit leverages the Shellshock vulnerability (CVE-2014-6271) in Bash to execute arbitrary commands via SMTP headers. It sends a crafted email with malicious headers to a vulnerable SMTP server, triggering command execution.

This exploit leverages the ShellShock vulnerability (CVE-2014-6271) in OpenVPN's authentication script to achieve remote code execution. The attacker injects malicious environment variables via the username and password fields, triggering a reverse shell.

This exploit leverages the Shellshock vulnerability (CVE-2014-6277, etc.) in Bash via DHCP option 114 to execute arbitrary commands. It listens for DHCP DISCOVER broadcasts, crafts malicious OFFER/ACK packets with a reverse shell payload, and sends them to the target.

This is a technical writeup explaining the Bash ShellShock vulnerability (CVE-2014-3659), detailing how specially crafted environment variables can inject and execute arbitrary code. It includes examples of vulnerable and patched behavior, along with an explanation of the root cause.

This Metasploit module exploits CVE-2014-6271 and CVE-2014-6278 (Shellshock) by injecting malicious environment variables into CUPS filters via PRINTER_INFO and PRINTER_LOCATION. It adds a printer with a crafted PPD file, triggers payload execution via a test print job, and cleans up by deleting the printer.

This PHP script exploits CVE-2014-6271 (Shellshock) by sending a crafted HTTP request with a malicious User-Agent header to a vulnerable CGI script, triggering remote code execution via Bash environment variable injection.

This Metasploit module exploits the ShellShock vulnerability (CVE-2014-6271) in QNAP Turbo NAS devices by injecting malicious environment variables via the User-Agent header to achieve remote code execution. It sends a crafted HTTP request to a CGI script, leveraging the Bash environment variable injection flaw to execute arbitrary commands.

This Metasploit module exploits CVE-2014-6271 (ShellShock) to spawn a remote admin shell on QNAP Turbo NAS devices by injecting a malicious Bash environment variable via an HTTP request, which triggers the execution of a utelnetd service for remote access.

This exploit leverages the ShellShock vulnerability (CVE-2014-6271) in IPFire's web interface to execute arbitrary commands via crafted HTTP headers. It authenticates with the target system and injects a malicious environment variable to achieve remote code execution.

This Metasploit module exploits the Shellshock vulnerability (CVE-2014-6271) in Apache CGI scripts by sending a maliciously crafted HTTP request with a payload that executes arbitrary commands via Bash environment variable injection. The exploit generates an ELF payload, uploads it to the target, and executes it to achieve remote code execution.

This Metasploit module exploits CVE-2014-6271 (Shellshock) by sending a crafted HTTP User-Agent header to a BASH-based CGI script, allowing arbitrary command execution. The exploit leverages the vulnerability in BASH's environment variable parsing to inject and execute commands.