Tag: execute

這讓人無言了，Bash 的遠端執行安全漏洞，CVE-2014-6271：

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.

可以在 oss-sec 上面看到說明「Re: CVE-2014-6271: remote code execution through bash」：

Debian and other GNU/Linux vendors plan to disclose a critical, remotely exploitable security vulnerability in bash this week, related to the processing of environment variables. Stephane Chazelas discovered it, and CVE-2014-6271 has been assigned to it.

透過環境變數打進去... Redhat 的「Bash specially-crafted environment variables code injection attack」這篇也給了不少例子。

Linux 下通常最常用的 shell 應該還是 Bash 吧？(雖然也看到不少人用 Zsh...)

然後 Twitter 上看到非常邪惡的 Google Hack：

google filetype:sh inurl:cgi-bin;

— dragosr (@dragosr) September 25, 2014

大家可以自己加上 site: 去掃...