In my previous post I gave an overview about the key events that happened during the week that GNU Bash vulnerability – Shellshock – got disclosed. In this post would like to demonstrate a hand’s on scenario that will allow one to have a better practical understanding on how someone could exploit the Shellshock vulnerability using HTTP requests to CGI scripts.
more here...........http://countuponsecurity.com/2014/10/06/shellshock-hands-on/
more here...........http://countuponsecurity.com/2014/10/06/shellshock-hands-on/