Cable Forum


Qtx 02-10-2014 20:23

Re: Huge bash exploit CVE-2014-6271
 
Some fun to be had with APIs too. Such a broad spectrum of goodies that will keep giving :D Some nice scripts out that will exploit this over SSL to avoid network filtering rules.

Give it another week or so and we will start to see some huge DDoS tests taking place.

qasdfdsaq 03-10-2014 13:36

Re: Huge bash exploit CVE-2014-6271
 
Quote:

Originally Posted by Ignitionnet (Post 35732560)
Well here's how to do a vulnerable server via XSS. *Sigh*

Lol!

---------- Post added at 14:36 ---------- Previous post was at 14:33 ----------

Quote:

Originally Posted by Qtx (Post 35732575)
Some fun to be had with APIs too. Such a broad spectrum of goodies that will keep giving :D Some nice scripts out that will exploit this over SSL to avoid network filtering rules.

Yeah, I know a few organizations that have deployed signatures on their border firewalls to block these HTTP requests but that doesn't help against SSL or FTP(S). I hope they're not relying solely on their firewalls...

Quote:

Give it another week or so and we will start to see some huge DDoS tests taking place.

IMO webservers aren't as good a source for (D)DoS attacks these days thanks to a lot of provider companies doing outbound filtering and DDoS protection, i.e. detecting if a machine is being used for an attack and blocking it automatically. Course, not all providers do this and the ones that don't are still bandwidth-rich havens.

Qtx 03-10-2014 13:40

Re: Huge bash exploit CVE-2014-6271
 
bWAPP was vulnerable to shellshock before they added shellshock support, which is the funny thing about it :p:

qasdfdsaq 05-10-2014 04:33

Re: Huge bash exploit CVE-2014-6271
 
Well, bWAPP's blurb is:
Quote:

bWAPP, or a buggy web application, is a free and open source deliberately insecure web application.

Its mere existence is funny

(Or did you mean it wasn't vulnerable?)

