Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Created documentation for apache_mod_cgi_bash_env.rb #13138

Closed
wants to merge 16 commits into from
Closed

Created documentation for apache_mod_cgi_bash_env.rb #13138

wants to merge 16 commits into from

Conversation

exigentmidnight
Copy link

Based on issue #12389 I identified that documentation did not yet exist for apache_mod_cgi_bash_env.rb. I setup an environment to run the scanner against that was vulnerable and verified that the scanner was functioning. I also included directions for someone else who may want to test the issue but did not know how to create a vulnerable environment. Thanks!

@h00die
Copy link
Contributor

h00die commented Mar 25, 2020

@exigentmidnight Thanks for the docs contribution!!!! A few things:

  1. can you submit this from a branch other than master. See Add phpstudy backdoor exploitation module #12974 (comment)
  2. we now have tools/dev/msftidy_docs.rb <doc_file> to help with some style things. Can you please run it against these docs to get some things fixed up.
  3. you have a lot of commits for a single file. I would recommend the following: do the msftidy fixes, fix up all my review comments, THEN when you create a new branch to submit from, just copy/paste this file in there. This way it'll only have 1 commit (your final product) instead of the rest.

I'll go ahead and give it a review now though so you can incorporate those fixes on the single commit branch you submit soon.

@exigentmidnight
Copy link
Author

Thanks! I'll be happy to make those edits and submit it the right way :)

h00die
h00die requested changes Mar 25, 2020
View reviewed changes
Copy link
Contributor

@h00die h00die left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Solid first attempt. Love the details on setting up an environment and such (since the devil is in the details on setting up vuln envs). Good job!

documentation/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.md Outdated Show resolved Hide resolved
documentation/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.md Outdated Show resolved Hide resolved
documentation/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.md Outdated Show resolved Hide resolved
documentation/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.md Outdated
3. Do: set `TARGETURI [URI]`
4. Do: `run`

### To check if a host is vulnerable to the attack
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can be moved up under Vulnerable Application

documentation/modules/auxiliary/scanner/http/apache_mod_cgi_bash_env.md Outdated Show resolved Hide resolved
@exigentmidnight exigentmidnight mentioned this pull request Mar 28, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bcoles bcoles bcoles left review comments

@h00die h00die h00die requested changes

Assignees
No one assigned
Labels
docs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@exigentmidnight @h00die @bcoles @acammack-r7