Bonus bash thoughts but no change on my view,

I was scanned run against apache with.

cat access_log |grep “{ :;};”

Grep from here [not this blog] The scan looks like – – [25/Sep/2014:10:59:54 +0100] “GET /cgi-sys/defaultwebpage.cgi HTTP/1.0” 403 543 “-” “() { :;}; /bin/ping -c 1”

My view is the same, as

  1. ping is userland not an special tool
  2. defaultwebpage.cgi would need to be created and i dont have one
  3. its a 403 code so you need a user to make the file, change its permissions to the apache group …
  4. is a rackspace ‘cloud’ server
  5. is netherlands based
  6. “admin” commands like ifdown* still need privileges here


Its interesting to see but needs work.

* old so ip would be ‘modern’

One response

  1. Pingback: One week of bash exploits | Bananas in the Falklands

by golly but...

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.