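#!/bin/bash
#
# Simulated CVE-2014-6271 (shellshock) CGI target for lab use.
#
# Modern bash won't actually parse the payload as a function definition,
# so this script implements the equivalent semantics itself: when the
# User-Agent, Cookie or Referer header carries the shellshock
# function-definition pattern, the command text that trails it is run.
#
# NOTE(review): the eval in exec_payload executes request-controlled text on
# purpose -- it is the simulated vulnerability, not an oversight. Keep this
# script confined to an isolated, disposable lab host or container.
# Requests that reach that path contain the literal "() { :" sequence in a
# header, which is a convenient string to exercise detection rules against.

# CGI response header followed by the blank line that ends the header section.
printf 'Content-Type: text/plain\n\n'

#######################################
# Run the command text that follows a shellshock-style function definition.
# Globals:   none
# Arguments: $1 - raw header value, e.g. "() { :;}; <command>"
# Outputs:   stdout of the evaluated command; its stderr is discarded
# Returns:   0 when there is nothing to run, else the eval exit status
#######################################
exec_payload() {
  local raw="$1"
  # End of the function-definition prefix: covers both "() { :;}; " and
  # "() { :; };". The marker is kept in a variable because a bare "}" inside
  # ${raw#...} closes the expansion early, which leaves the prefix in place
  # and appends a stray ";}" so the eval never runs the trailing command.
  local marker='};'
  local cmd="${raw#*"$marker"}"

  # No "};" present: there is no trailing command to extract.
  [[ "$cmd" != "$raw" ]] || return 0

  # Drop leading whitespace left between the prefix and the command.
  cmd="${cmd#"${cmd%%[![:space:]]*}"}"
  [[ -n "$cmd" ]] || return 0

  # Deliberate: evaluates header-supplied text (may hold several
  # semicolon-separated commands). stderr is dropped so shell errors do not
  # leak into the response body.
  eval "$cmd" 2>/dev/null
}

# Inspect the three request headers that the CGI environment exposes and that
# this simulation treats as carriers of the pattern.
for h in "${HTTP_USER_AGENT-}" "${HTTP_COOKIE-}" "${HTTP_REFERER-}"; do
  case "$h" in
    *"() { :"*) exec_payload "$h" ;;
  esac
done

# Fixed banner plus request details, echoed back as text/plain.
printf '%s\n' "bash CGI test script - newploit"
# "$*" joins the arguments into one word; "$@" inside a longer string splits
# it into several arguments (ShellCheck SC2145). Output is unchanged.
printf 'args: %s\n' "$*"
printf 'query: %s\n' "${QUERY_STRING-}"
printf 'remote: %s\n' "${REMOTE_ADDR-}"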