env x='() { :;}; echo vulnerable' bash -c "echo this is a test"If ' vulnerable' is print. It seems that "echo" command in this function can be injected to run.
http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/
沒有留言:
張貼留言