Analecta Cyber Company Blog: Shellshock Exploit

2014-09-27

Shellshock Exploit

Shellshock exploitation demonstration video CVE-2014-6271 CVE-2014-7169


We built a demonstration of the Shellshock remote exploit via Apache 2 CGI. We're still investigating which versions of PHP on Apache are vulnerable - but the current release of mod_php does not appear to suffer from the environment variable assignment.

Check out the demonstration of this exploit below.