A vulnerability known as "ShellShock" exists in GNU Bash through 4.3 due to how it processes trailing strings in the values of environment variables after function definitions. This vulnerability enables remote attackers to execute arbitrary code by crafting the environment in certain situations, including when the environment is set across a privilege boundary from Bash execution. The vulnerability has been demonstrated in various scenarios, such as the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, and scripts executed by unspecified DHCP clients. It should be noted that the original fix for this vulnerability was incorrect, and a separate CVE, CVE-2014-7169, has been assigned to cover the still-present vulnerability after the incorrect fix.
python exploit.py -r <rhost-url> -c <desired-command>