PrepAway - Latest Free Exam Questions & Answers

What is the most common method to exploit the "Bash Bug" or "ShellShock" vulnerability?

A. Through Web servers utilizing CGI (Common Gateway Interface) to send a malformed environment variable to a vulnerable Web server

B. Manipulate format strings in text fields

C. SSH

D. SYN Flood

Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell.

One specific exploitation vector of the Shellshock bug is CGI-based web servers.

Note: When a web server uses the Common Gateway Interface (CGI) to handle a document request, it passes various details of the request to a handler program in the environment variable list. For example, the variable HTTP_USER_AGENT has a value that, in normal usage, identifies the program sending the request. If the request handler is a Bash script, or if it executes one, for example using the system call, Bash will receive the environment variables passed by the server and will process them. This provides a means for an attacker to trigger the Shellshock vulnerability with a specially crafted server request.
