Old 03-10-2014, 13:36   #32
qasdfdsaq
cf.mega poster
 
Join Date: Aug 2004
Posts: 11,207
Re: Huge bash exploit CVE-2014-6271

Quote:
Originally Posted by Ignitionnet View Post
Well here's how to do a vulnerable server via XSS. *Sigh*
Lol!

---------- Post added at 14:36 ---------- Previous post was at 14:33 ----------

Quote:
Originally Posted by Qtx View Post
Some fun to be had with APIs too. Such a broad spectrum of goodies that will keep giving. Some nice scripts out that will exploit this over SSL to avoid network filtering rules.
Yeah, I know a few organizations that have deployed signatures on their border firewalls to block these HTTP requests but that doesn't help against SSL or FTP(S). I hope they're not relying solely on their firewalls...


Quote:
Give it another week or so and we will start to see some huge DDoS tests taking place.
IMO webservers aren't as good a source for (D)DoS attacks these days thanks to a lot of provider companies doing outbound filtering and DDoS protection, i.e. detecting if a machine is being used for an attack and blocking it automatically. Course, not all providers do this and the ones that don't are still bandwidth-rich havens.
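The point in the post above about border signatures not seeing SSL traffic, as an added example that is not part of the original post: the web server writes its access log after TLS has been terminated, so the same check can be run there on HTTP and HTTPS requests alike. The combined log format, the sample lines and the function names are assumptions made for this illustration.

```python
import re

# Apache/nginx "combined" log format: the request line, Referer and
# User-Agent are the three quoted fields (escaped quotes are tolerated).
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)

# Bash function-definition prefix that CVE-2014-6271 depends on.
FUNC_PREFIX = re.compile(r'\(\)\s*\{')


def scan(lines):
    """Return (ip, timestamp, field) for every logged field carrying the prefix."""
    hits = []
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue  # not combined format; skip rather than guess
        for field in ("request", "referer", "agent"):
            if FUNC_PREFIX.search(m.group(field)):
                hits.append((m.group("ip"), m.group("ts"), field))
    return hits


# Constructed sample lines: documentation addresses, placeholder command text.
SAMPLE = [
    '192.0.2.10 - - [03/Oct/2014:13:30:01 +0100] '
    '"GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [03/Oct/2014:13:31:44 +0100] '
    '"GET /cgi-bin/status HTTP/1.1" 200 87 "-" "() { :; }; PLACEHOLDER_COMMAND"',
    '203.0.113.5 - - [03/Oct/2014:13:32:09 +0100] '
    '"GET /cgi-bin/status HTTP/1.1" 404 0 "() { x; }; PLACEHOLDER_COMMAND" "curl/7.30"',
]

if __name__ == "__main__":
    for ip, ts, field in scan(SAMPLE):
        print(f"{ts} {ip} function-definition prefix in {field}")
```

The combined format records only the request line, Referer and User-Agent, so a value carried in any other header will not appear in these logs.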