Friday, October 3, 2014

Shellshock Test

Here is the one line of code to check if your bash is vulnerable to shellshock bug or not. Just copy and run the command on the shell prompt and if it shows "Yes vulnerable" then patch your bash

env x='() { :;}; echo Yes vulnerable' bash -c "echo Test complete"

This is a test script so it just have echo statement but in real attack this vulnerability can be use to exploit almost anything. Many bots around the globe has already started exploiting this vulnerability. The worst part is that no one can come up with the list of program which uses bash internally.

No comments: