CVE-2014-7169

This repository contains a Chef cookbook designed to audit and remediate systems vulnerable to CVE-2014-7169 (Shellshock). It includes an OHAI plugin to detect vulnerability and recipes to upgrade Bash via the system's package manager.

The repository contains only a README.md file with minimal information about CVE-2014-7169 (Shellshock) but no actual exploit code or technical details. It appears to be a placeholder or incomplete submission.

This repository contains a Chef cookbook for detecting and remediating the Shellshock vulnerability (CVE-2014-7169) in Bash. It includes an Ohai plugin to check for vulnerability and recipes to upgrade Bash if vulnerable.

This PHP script exploits CVE-2014-6271 (Shellshock) by sending a crafted HTTP request with a malicious User-Agent header to a vulnerable CGI script, triggering remote code execution via specially crafted environment variables in Bash.

This Metasploit module exploits CVE-2014-6271 (ShellShock) to spawn a remote admin shell on QNAP Turbo NAS devices by injecting malicious environment variables via HTTP headers, triggering a reverse shell via utelnetd.

This Metasploit module exploits CVE-2014-6271 (ShellShock) in QNAP Turbo NAS devices by injecting malicious environment variables via the User-Agent header in HTTP requests to execute arbitrary commands with admin privileges.

This Metasploit module exploits CVE-2014-6271 (Shellshock) by sending a crafted HTTP request with a malicious User-Agent header to a BASH-based CGI script, allowing arbitrary command execution. The exploit leverages the vulnerability in BASH's environment variable handling to inject and execute commands.

This Metasploit module exploits the Shellshock vulnerability (CVE-2014-6271) in Apache CGI scripts by injecting a malicious HTTP User-Agent header to execute arbitrary commands, specifically delivering a payload to a target system.

This exploit leverages the Shellshock vulnerability (CVE-2014-6271) in Bash to bypass PHP's disable_functions by injecting malicious environment variables via the mail() function. It executes arbitrary commands and captures the output by writing to a temporary file.

This exploit leverages the Shellshock vulnerability (CVE-2014-7169) in Bash to execute arbitrary commands via SMTP headers. It sends a crafted email with malicious headers to a vulnerable SMTP server, triggering command execution.

This Metasploit module exploits CVE-2014-7169 (Shellshock) by injecting malicious environment variables into CUPS filters via PRINTER_INFO and PRINTER_LOCATION. It supports both CVE-2014-6271 and CVE-2014-6278 payloads, achieving remote code execution on vulnerable CUPS servers.

This Metasploit module exploits the Shellshock vulnerability (CVE-2014-7169) in Pure-FTPd by injecting malicious environment variables via FTP authentication. It leverages the bash environment variable code injection flaw to achieve remote command execution.

This exploit leverages the ShellShock vulnerability (CVE-2014-7169) by injecting malicious environment variables into DHCP responses. It uses Scapy to craft DHCP packets with a payload that triggers command execution in vulnerable Bash versions.

This is a technical writeup explaining the Bash Shellshock vulnerability (CVE-2014-7169), detailing how specially crafted environment variables can inject and execute arbitrary code. It includes examples of vulnerable and patched behavior, demonstrating the root cause and fix.

This exploit leverages the Shellshock vulnerability (CVE-2014-7169) in Bash by crafting malicious DHCP packets. It listens for DHCP DISCOVER broadcasts, extracts client details, and responds with an OFFER and ACK containing a malicious payload in the URL option (114), triggering remote code execution.

This exploit leverages the ShellShock vulnerability (CVE-2014-6271) in OpenVPN's authentication script to execute arbitrary commands via environment variables, resulting in a reverse shell. The PoC demonstrates how a malicious client can exploit the vulnerability by injecting a payload into the username and password fields during authentication.

This is a detailed technical analysis of multiple vulnerabilities in Kemp Load Master, including RCE via command injection in CGI scripts, CSRF, XSS, and DoS. The writeup provides root cause analysis, affected endpoints, and exploitation techniques, but does not include functional exploit code.

This repository contains a Bash script that scans for Shellshock vulnerabilities (CVE-2014-6271 & CVE-2014-7169) by sending crafted HTTP headers to a target URL and checking the response for indicators of vulnerability. It does not exploit the vulnerability but detects its presence.

This exploit leverages ShellShock (CVE-2014-7169) to perform authenticated remote command injection on IPFire <= 2.15 core 82 via a crafted HTTP header. It uses Basic Auth to authenticate and injects a malicious environment variable to execute arbitrary commands.