CVE-2014-6278

This Metasploit module exploits CVE-2014-6271 (Shellshock) by injecting malicious environment variables into CGI scripts via HTTP headers, allowing remote command execution. It includes checks for both CVE-2014-6271 and CVE-2014-6278.

This Metasploit module exploits the Shellshock vulnerability (CVE-2014-6271 and CVE-2014-6278) in Bash by injecting malicious environment variables via HTTP headers to achieve remote code execution on vulnerable Apache mod_cgi configurations.

This exploit leverages the Shellshock vulnerability (CVE-2014-6278) in Cisco UCS Manager 2.1(1b) to execute arbitrary commands via a maliciously crafted User-Agent header, resulting in a reverse shell. It first checks for vulnerability by fetching /etc/passwd before attempting to spawn the shell.

This exploit leverages the ShellShock vulnerability (CVE-2014-6278) in Sun Secure Global Desktop and Oracle Global Desktop by injecting a malicious HTTP User-Agent header to execute arbitrary commands on the target system. The PoC demonstrates command injection via a crafted curl request to the vulnerable CGI script.

This exploit leverages the Shellshock vulnerability (CVE-2014-6278) in Apache mod_cgi to execute arbitrary commands via maliciously crafted HTTP headers. It supports both reverse and bind shell payloads for remote code execution.

This Metasploit module exploits the Shellshock vulnerability (CVE-2014-6271) in CUPS by injecting malicious environment variables through PRINTER_INFO and PRINTER_LOCATION. It leverages Bash's flawed environment variable handling to achieve remote code execution.

This repository contains the RouterSploit framework, an exploitation toolkit for embedded devices, including modules for exploits, credential testing, scanners, and payloads. It is designed to test and exploit vulnerabilities in routers and other embedded systems.

This repository provides a detailed technical walkthrough of exploiting CVE-2014-6278 (Shellshock), including vulnerability verification, payload generation, and privilege escalation techniques. It includes practical examples of using curl to trigger the vulnerability and Python to upgrade shells.

This exploit leverages the ShellShock vulnerability (CVE-2014-6278) by injecting malicious environment variables via DHCP responses. It crafts DHCP Offer/ACK packets with a payload in the 'dump_path' option, which is processed by the vulnerable Bash shell when the victim's dhclient executes the environment variable.

This exploit leverages the Shellshock vulnerability (CVE-2014-6278) in Bash by crafting malicious DHCP packets with a payload in the URL option (114) to trigger remote code execution. It listens for DHCP DISCOVER broadcasts, extracts client details, and responds with malicious OFFER and ACK packets containing a reverse shell payload.