Gnu Bash 4.3 and below Cgi Scan + Remote Command Injection Exploit

gnu bash 4.3

[claudio@localhost ~]$ ./bash_env_rci_v2.py

      _______                 _______             __
     |   _   .-----.--.--.   |   _   .---.-.-----|  |--.
     |.  |___|     |  |  |   |.  1   |  _  |__ --|     |
     |.  |   |__|__|_____|   |.  _   |___._|_____|__|__|
     |:  1   |               |:  1    \
     |::.. . |               |::.. .  /
     `-------'               `-------'
      ___ ___   _______     _______ _______ ___
     |   Y   | |   _   |   |   _   |   _   |   |
     |   |   |_|___|   |   |.  l   |.  1___|.  |
     |____   |___(__   |   |.  _   |.  |___|.  |
         |:  | |:  1   |   |:  |   |:  1   |:  |
         |::.| |::.. . |   |::.|:. |::.. . |::.|
         `---' `-------'   `--- ---`-------`---'

                              Gnu B4sh <= 4.3 Cg1 Sc4n + r3m0t3 C0mm4nd Inj3ct10n

          ==========================================
          - Release date: 2014-09-25
          - Discovered by: Stephane Chazelas
          - CVE: 2014-6271
          ===========================================

                        Written by:

                      Claudio Viviani

                   http://www.homelab.it

                      info@homelab.it
                  homelabit@protonmail.ch

             https://www.facebook.com/homelabit
                https://twitter.com/homelabit
             https://plus.google.com/+HomelabIt1/
   https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww

usage: bash_env_rci_v2.py [-s] -t http://localhost/cgi-bin/test -c "touch /tmp/test.txt"

options:
  -h, --help            show this help message and exit
  -t TARGET, --target=TARGET
                        Insert TARGET URL: http[s]://www.victim.com[:PORT]
  -c CMD, --cmd=CMD     Insert command name
  -s, --scan            Scan Only

Download

Download: gnu_b4sh_43_rci_v2.py 
          gnu_b4sh_43_rci.py (Mega Mirror)

Video