Analecta Cyber Company Blog: Shellshock Exploit


Shellshock Exploit

Shellshock exploitation demonstration video CVE-2014-6271 CVE-2014-7169

We built a demonstration of the Shellshock remote exploit via Apache 2 CGI. We're still investigating which versions of PHP on Apache are vulnerable - but the current release of mod_php does not appear to suffer from the environment variable assignment.

Check out the demonstration of this exploit below.