Remote Shellshock CGI exploitation
This wget one liner exploits shellshock through cgi by injecting commands into the user agent.
Where /bin/ps is the command you want to run on the server and /ip/cgi-bin/test.cgi is a cgi file located on the server.
To make any server vulnerable to this it looks like there just needs to be a valid bash syntax cgi file located in cgi-bin
This was tested by putting this:
into test.cgi located in /usr/lib/cgi-bin/ which is aliased to the apache server on a default installation. Then test.cgi was chmoded 755.
Now to escalate this into a shell
Pop this into burpsuite:
Now there is a shell connection listening on port 1237
works with this wget