CVE-2014-3671

This exploit leverages the Shellshock vulnerability (CVE-2014-6271) in Bash to bypass PHP's disable_functions by injecting a malicious environment variable via the mail() function. It executes arbitrary commands and returns the output, demonstrating a functional remote code execution (RCE) exploit.

This is a detailed technical analysis of multiple vulnerabilities in Kemp Load Master, including RCE, CSRF, XSS, and DoS. It provides specific exploit vectors, code paths, and injection points, demonstrating a deep understanding of the vulnerabilities.

This Metasploit module exploits the Shellshock vulnerability (CVE-2014-6271) in Pure-FTPd when configured to use external authentication. It injects malicious environment variables via FTP commands to achieve remote code execution.

This exploit leverages the Shellshock vulnerability (CVE-2014-6271) in Bash to execute arbitrary commands via SMTP headers. It sends a crafted email with malicious headers to a vulnerable SMTP server, triggering command execution.

This exploit leverages the ShellShock vulnerability (CVE-2014-6271) in OpenVPN by injecting malicious environment variables via the username and password fields during authentication. The payload triggers a reverse shell to the attacker's machine, demonstrating remote code execution (RCE) in the context of the OpenVPN server process.

This exploit leverages the Shellshock vulnerability (CVE-2014-6271) in Bash via DHCP option 114 to execute arbitrary commands. It listens for DHCP DISCOVER broadcasts, crafts malicious OFFER/ACK packets with a reverse shell payload, and sends them to vulnerable clients.

This is a technical writeup explaining the Bash Shellshock vulnerability (CVE-2014-3671), detailing how specially crafted environment variables can inject and execute arbitrary code. It includes an example of the exploit and the expected behavior before and after patching.

This Metasploit module exploits CVE-2014-6271 (Shellshock) and CVE-2014-6278 in CUPS by injecting malicious environment variables via PRINTER_LOCATION. It adds a printer with a crafted PPD file, triggers payload execution via a test print job, and cleans up by deleting the printer.

This PHP script exploits CVE-2014-6271 (Shellshock) by sending a crafted HTTP request with a malicious User-Agent header to a vulnerable CGI script, triggering remote code execution via Bash environment variable injection.

This Metasploit module exploits CVE-2014-6271 (ShellShock) to achieve remote code execution on QNAP Turbo NAS devices by injecting malicious environment variables via the User-Agent header in HTTP requests to a CGI script.

This Metasploit module exploits CVE-2014-6271 (ShellShock) to spawn a remote admin shell on QNAP Turbo NAS devices by injecting a malicious Bash environment variable via an HTTP User-Agent header. It triggers the utelnetd service on a specified port for remote access.

This exploit leverages ShellShock (CVE-2014-6271) to achieve authenticated remote command injection in IPFire's CGI web interface. It sends a crafted HTTP header with a malicious environment variable to execute arbitrary commands on the target system.

This Metasploit module exploits the Shellshock vulnerability (CVE-2014-6271) in Apache CGI scripts by sending a maliciously crafted HTTP request with a payload that executes arbitrary commands via Bash environment variable injection. The exploit generates an ELF payload, uploads it to the target, and executes it.

This Metasploit module exploits CVE-2014-6271 (Shellshock) by sending a crafted HTTP request with a malicious User-Agent header to a BASH-based CGI script, allowing arbitrary command execution. The payload is injected via environment variables, leveraging the vulnerability in BASH's function parsing.