Pages

NMAP NSE Cheet Sheet


[Shellshock]

nmap 10.11.1.71 -p 80 \                                                                                                                              --script=http-shellshock \
--script-args uri=/cgi-bin/test.cgi \
--script-args uri=/cgi-bin/admin.cgi

Starting Nmap 6.47SVN ( http://nmap.org ) at 2018-02-04 18:05 GMT
Nmap scan report for 10.11.1.71
Host is up (0.091s latency).
PORT   STATE SERVICE
80/tcp open  http
| http-shellshock:
|   VULNERABLE:
|   HTTP Shellshock vulnerability
|     State: VULNERABLE (Exploitable)
|     IDs:  CVE:CVE-2014-6271
|       This web application might be affected by the vulnerability known as Shellshock. It seems the server
|       is executing commands injected via malicious HTTP headers.
|           
|     Disclosure date: 2014-09-24
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169
|       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271
|       http://seclists.org/oss-sec/2014/q3/685
|_      http://www.openwall.com/lists/oss-security/2014/09/24/10

Nmap done: 1 IP address (1 host up) scanned in 1.80 seconds


No comments:

Post a Comment