Given a script that allows anyone to provide input. Is there any input that can break out of a variable. For example given the following script:
echo $1
Would there be anyway to make $1 something like:
text && rm -rf /
I'm trying to do something like the above and it doesn't work.
Can anyone confirm that the above would be impossible?
Best Answer
In 2014, there was a exploit in the wild for a Bash vulnerability nicknamed Shellshock. Like most vulnerabilities in common software, a Common Vulnerabilities and Exposures (CVE) Bulletin was released, CVE-2014-6278. Shellshock is a remote exploit for Bash which allowed arbitrary code execution on the remote host via several attack vectors in common server software stacks including Apache's cgi modules as well as OpenSSH.
The vulnerability affects all versions of Bash from 1989 until 2014 when it was patched once easily created exploits were widely demonstrated.
For further reading:
OWASP Shellshock Presentation, PDF
NIST CVE-2014-6278
ServerFault Shellshock Question, 2014
I believe most versions available in Distro Repos have been patched.
Correction: Shellshock is a family of vulnerabilities... CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187
And, it's good to remember that these can easily affect a LAN if there exists port forwarding for things like Apache web servers or SSH... as well as any unpatched (and probably unpatchable) Internet of Things devices.