cve 2014-6278 shell shock vulnerability in index.php

228 views

Skip to first unread message

jupit...@gmail.com

unread,

Aug 5, 2017, 10:26:23 AM8/5/17

to null

Hello Guys,

Recently i tried to exploit a new website which is vulnerable to shell shock it is pretty good but now i am little bit confusing shell shock vulnerability in cgi scripts are easy to exploit by using metaspolit module or manual testing using burpsuite how ever the nikto shows me that the vulnerability is in /index.php how to processed with this any clues?

Here is the nikto result

OSVDB-112004: /: Site appears vulnerable to the 'shellshock' vulnerability (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278). + OSVDB-112004: /index.php: Site appears vulnerable to the 'shellshock' vulnerability (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278). + OSVDB-3092: /xmlrpc.php: xmlrpc.php was found. + /help.php: A help file was found.

Reply all

Reply to author

Forward

0 new messages