Answer by billyw for How does the updated Shellshock vulnerability test for...
I've been digging around the webs for a bit since I first posted this question.According the original discoverer of the bug, bash prior to the CVE-2014-6271 patch imported a function such as:foo=() {...
View ArticleAnswer by mc0e for How does the updated Shellshock vulnerability test for...
It doesn't give you a nice clean output, but it does demonstrate the bug.With no bug, the environment variable X should be ignored, bash should run echo date, and cat should complain that there is no...
View ArticleHow does the updated Shellshock vulnerability test for CVE-2014-7169 work?
I understand the original test for CVE-2014-6271, which was:$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"But I'm confused by the updated test and corresponding output for...
View Article
More Pages to Explore .....