[Shellshock]
nmap 10.11.1.71 -p 80 \ --script=http-shellshock \
--script-args uri=/cgi-bin/test.cgi \
--script-args uri=/cgi-bin/admin.cgi
Starting Nmap 6.47SVN ( http://nmap.org ) at 2018-02-04 18:05 GMT
Nmap scan report for 10.11.1.71
Host is up (0.091s latency).
PORT STATE SERVICE
80/tcp open http
| http-shellshock:
| VULNERABLE:
| HTTP Shellshock vulnerability
| State: VULNERABLE (Exploitable)
| IDs: CVE:CVE-2014-6271
| This web application might be affected by the vulnerability known as Shellshock. It seems the server
| is executing commands injected via malicious HTTP headers.
|
| Disclosure date: 2014-09-24
| References:
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
| http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
| http://seclists.org/oss-sec/2014/q3/685
|_ http://www.openwall.com/lists/oss-security/2014/09/24/10
Nmap done: 1 IP address (1 host up) scanned in 1.80 seconds
No comments:
Post a Comment