nerdexam
EC-Council

312-50V9 · Question #460

What is the most common method to exploit the "Bash Bug" or "ShellShock" vulnerability?

The correct answer is A. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed. Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash One specific exploitation vector of the Shellshock bug is CGI-based web servers. Note: When a web server uses the Common Gateway Interface (CGI) to handle a document request, it passes v

Hacking Web Servers

Question

What is the most common method to exploit the "Bash Bug" or "ShellShock" vulnerability?

Options

  • AThrough Web servers utilizing CGI (Common Gateway Interface) to send a malformed
  • BManipulate format strings in text fields
  • CSSH
  • DSYN Flood

How the community answered

(50 responses)
  • A
    80% (40)
  • B
    2% (1)
  • C
    12% (6)
  • D
    6% (3)

Explanation

Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash One specific exploitation vector of the Shellshock bug is CGI-based web servers. Note: When a web server uses the Common Gateway Interface (CGI) to handle a document request, it passes various details of the request to a handler program in the environment variable list. For example, the variable HTTP_USER_AGENT has a value that, in normal usage, identifies the program sending the request. If the request handler is a Bash script, or if it executes one for example using the system call, Bash will receive the environment variables passed by the server and will process them. This provides a means for an attacker to trigger the Shellshock vulnerability with a specially crafted server request. https://en.wikipedia.org/wiki/Shellshock_(software_bug)#Specific_exploitation_vectors

Topics

#ShellShock#Bash Bug#CGI exploitation#web server vulnerability

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice