
Check your hoster for Shellshock vulnerability (part 2)

Recently, HostTracker introduced a Shellshock vulnerability check that uses cookies, which was described in the corresponding publication. Following the wishes of our clients, as well as the comments on the previous article, we have somewhat expanded the check: you can now test for Shellshock using any field in the HTTP request, not just the cookie.




To begin with, a brief history of how this check came about. Shortly after the vulnerability became public, it was found on one of our servers; Habr user hormold (as it later turned out) discovered it and informed us, for which we thank him separately. While clarifying the situation and closing the hole, the idea arose to create the simplest possible service for checking for the vulnerability, since the methods described at that time were quite complex and, most importantly, required many privileges that happy owners of virtual hosting usually do not have. The result was simple and convenient, but we received several requests to extend its capabilities, including from Habr readers. These have now been implemented and are presented below.

What's new?


The algorithm is quite simple and is described in detail here, but it is now possible to check not only cookies but also Referer, User-Agent and other fields of your choice. This somewhat expands the ways the feature can be used. There was also an idea to combine all the checks by running them sequentially, but in the end we had to abandon it because of the large number of requests that would have to be sent to the server under test. The execution time of the "combined" check would also increase significantly.
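The reason a cookie-only check is not enough is that a web server running CGI scripts exports every request header to the script as an environment variable. The following is an added example for the defender's side, not HostTracker's code: it scans raw requests and reports which header fields carry the bash function-definition prefix. The sample requests, host, path and the `X-Constructed-Field` header are constructed for illustration.

```python
# Bash treats an environment value as a function definition only when it
# begins with these four characters, so that prefix is the signature.
FUNC_PREFIX = "() {"

def cgi_env_name(header):
    """Environment variable name a CGI gateway gives a request header."""
    name = header.upper().replace("-", "_")
    # Content-Type and Content-Length are exported without the HTTP_ prefix.
    return name if name in ("CONTENT_TYPE", "CONTENT_LENGTH") else "HTTP_" + name

def parse_headers(raw_request):
    """Return (name, value) pairs from the head of a raw HTTP/1.x request."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs

def suspicious_headers(raw_request):
    """List (header, CGI variable) for each header carrying the prefix."""
    return [(n, cgi_env_name(n)) for n, v in parse_headers(raw_request)
            if v.startswith(FUNC_PREFIX)]

def build_request(headers):
    """Assemble a constructed request; path and host are placeholders."""
    lines = ["GET /cgi-bin/status HTTP/1.1", "Host: example.test"]
    lines += [f"{k}: {v}" for k, v in headers]
    return "\r\n".join(lines) + "\r\n\r\n"

# Constructed sample data, not captured traffic.
PROBE = "() { :; }; echo CONSTRUCTED-PROBE"
SAMPLES = {
    "cookie": build_request([("Cookie", PROBE)]),
    "referer_ua": build_request([("Referer", PROBE), ("User-Agent", PROBE)]),
    "custom": build_request([("X-Constructed-Field", PROBE)]),
    "clean": build_request([("User-Agent", "Mozilla/5.0 (X11; Linux x86_64)"),
                            ("Referer", "https://example.test/?q=f() { }")]),
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(f"{label:11}", suspicious_headers(request))
```

The "clean" sample shows that parentheses or braces elsewhere in a value are not flagged; only a value that starts with the prefix is.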

Source: https://habr.com/ru/post/240389/

