EC-Council
312-50V13 · Question #358
312-50V13 Question #358: Real Exam Question with Answer & Explanation
The correct answer is C: Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed. The 'Bash Bug' or 'Shellshock' vulnerability was most commonly exploited through web servers using CGI to pass malformed HTTP headers as environment variables to Bash.
Submitted by satoshi_tk · Mar 6, 2026 · System Hacking
Question
What is the most common method to exploit the "Bash Bug" or "Shellshock" vulnerability?
Options
- A. SYN Flood
- B. SSH
- C. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed
- D. Manipulate format strings in text fields
Explanation
The 'Bash Bug' or 'Shellshock' vulnerability was most commonly exploited through web servers using CGI to pass malformed HTTP headers as environment variables to Bash.
Common mistakes.
- A. SYN Flood is a Denial of Service (DoS) attack that overwhelms a target by exploiting the TCP three-way handshake, and is unrelated to the Shellshock vulnerability.
- B. While Bash is used with SSH, direct exploitation of Shellshock for initial access was primarily through web servers; an attacker already having SSH access could leverage Shellshock, but it wasn't the most common method for exploiting the bug to gain initial unauthorized access.
- D. Manipulating format strings exploits vulnerabilities in how programs handle string formatting functions (e.g., printf), which is a different class of vulnerability from Shellshock's environment variable parsing flaw.
Concept tested. Shellshock (Bash Bug) exploitation
Reference. https://access.redhat.com/articles/1200223
Topics
#Shellshock #Bash vulnerability #CGI exploitation #Web server attacks