This is an incomplete catalog of potential exploitation vectors for CVE-2014-6721, or “Shell Shock”. I’m posting this hastily and will update it continuously with new findings. Please leave a comment if you can think of any vectors not listed here.
For a service to be vulnerable to Shell Shock, three conditions must be met:
It must set an environment variable whose value (not necessarily name) is attacker-controlled, and particularly must be made to begin with () {.
It must invoke bash.
The system must be running a vulnerable version of bash.
more here............https://www.dfranke.us/posts/2014-09-27-shell-shock-exploitation-vectors.html
For a service to be vulnerable to Shell Shock, three conditions must be met:
It must set an environment variable whose value (not necessarily name) is attacker-controlled, and particularly must be made to begin with () {.
It must invoke bash.
The system must be running a vulnerable version of bash.
more here............https://www.dfranke.us/posts/2014-09-27-shell-shock-exploitation-vectors.html