dsad

vuln-lab/web/cgi-bin/test.cgi

@@ -0,0 +1,29 @@
+#!/bin/bash
+# Simulated CVE-2014-6271 (shellshock) target.
+# Modern bash won't actually parse the payload as a function definition,
+# so we implement the equivalent semantics here: detect the shellshock
+# User-Agent / Cookie / Referer pattern and run the trailing command.
+
+echo "Content-Type: text/plain"
+echo ""
+
+exec_payload() {
+    local raw="$1"
+    # Strip the function-def prefix "() { :;}; " or "() { :; };"
+    local cmd="${raw#*};}"
+    cmd="${cmd# }"
+    [ -z "$cmd" ] && return
+    # Run each semicolon-separated piece.
+    eval "$cmd" 2>/dev/null
+}
+
+for h in "$HTTP_USER_AGENT" "$HTTP_COOKIE" "$HTTP_REFERER"; do
+    case "$h" in
+        *"() { :"*) exec_payload "$h" ;;
+    esac
+done
+
+echo "bash CGI test script - newploit"
+echo "args: $@"
+echo "query: $QUERY_STRING"
+echo "remote: $REMOTE_ADDR"