While testing an outdated Apache 2.2 server that still exposes /cgi-bin/, you send an HTTP request whose User-Agent header starts with "() { :; }; /usr/bin/id". The server returns 200 OK and your listener immediately receives the command output. Which web-server attack have you successfully executed to gain remote code execution?
The payload beginning with "() { :; };" abuses the Shellshock vulnerability in GNU Bash. When Apache's CGI module translates HTTP headers into environment variables, Bash incorrectly treats the crafted value as a function definition and executes the appended command, giving the attacker remote code execution. Slowloris is a denial-of-service technique that holds connections open, not command execution. HTTP verb tampering relies on alternative methods like HEAD or DELETE to bypass restrictions but does not exploit Bash. POODLE targets SSL 3.0 negotiation, affecting encryption rather than the web server's request handling.
Certified Ethical Hacker (CEH)
Web Application Hacking