Huge bash exploit CVE-2014-6271 - Page 3

Qtx · 02-10-2014, 21:23

Some fun to be had with API's too. Such a broad spectrum of goodies that will keep giving

Some nice scripts out that will exploit this over ssl to avoid network filtering rules.

Give it another week or so and we will start to see some huge DDoS tests taking place.

qasdfdsaq · 03-10-2014, 14:36

Quote:

Originally Posted by Ignitionnet

Well here's how to do a vulnerable server via XSS. *Sigh*

Lol!

---------- Post added at 14:36 ---------- Previous post was at 14:33 ----------

Quote:

Originally Posted by Qtx

Some fun to be had with API's too. Such a broad spectrum of goodies that will keep giving

Some nice scripts out that will exploit this over ssl to avoid network filtering rules.

Yeah, I know a few organizations that have deployed signatures on their border firewalls to block these HTTP requests but that doesn't help against SSL or FTP(S). I hope they're not relying solely on their firewalls...

[quote]Give it another week or so and we will start to see some huge DDoS tests taking place.[/QUOTE
IMO webservers aren't as good a source for (D)DoS attacks these days thanks to a lot of provider companies doing outbound filtering and DDoS protection, i.e. detecting if a machine is being used for an attack and blocking it automatically. Course, not all providers do this and the ones that don't are still bandwidth-rich havens.

Qtx · 03-10-2014, 14:40

Bwapp was vulnerable to shellshock before they added shellshock support, which is the funny think about it

qasdfdsaq · 05-10-2014, 05:33

Well, bwapp's blurb is:

Quote:

bWAPP, or a buggy web application, is a free and open source deliberately insecure web application.

It's mere existence is funny

(Or did you mean it wasn't vulnerable?)