https://blog.qife122.com/tags/shellshock/ Recent content in Shellshock on 办公AI智能小助手 Hugo zh-cn qife Fri, 19 Sep 2025 00:46:47 +0800 https://blog.qife122.com/p/shellshock%E6%BC%8F%E6%B4%9E%E4%B8%8Etelnet-user%E5%8F%98%E9%87%8F%E7%9A%84%E5%88%A9%E7%94%A8%E5%88%86%E6%9E%90/ Fri, 19 Sep 2025 00:46:47 +0800 https://blog.qife122.com/p/shellshock%E6%BC%8F%E6%B4%9E%E4%B8%8Etelnet-user%E5%8F%98%E9%87%8F%E7%9A%84%E5%88%A9%E7%94%A8%E5%88%86%E6%9E%90/ <h1 id="shellshock-and-the-telnet-user-variable">Shellshock and the Telnet USER Variable</h1> <p>在一次最近的测试中，Nessus扫描器报告了以下关键问题：</p> <p><strong>GNU Bash本地环境变量处理通过Telnet的命令注入（CVE-2014-7169）（Shellshock）</strong></p> https://blog.qife122.com/p/shellshock%E6%BC%8F%E6%B4%9E%E4%B8%8Etelnet-user%E5%8F%98%E9%87%8F%E7%9A%84%E5%88%A9%E7%94%A8%E8%A7%A3%E6%9E%90/ Thu, 18 Sep 2025 13:48:13 +0800 https://blog.qife122.com/p/shellshock%E6%BC%8F%E6%B4%9E%E4%B8%8Etelnet-user%E5%8F%98%E9%87%8F%E7%9A%84%E5%88%A9%E7%94%A8%E8%A7%A3%E6%9E%90/ <h1 id="shellshock-and-the-telnet-user-variable">Shellshock and the Telnet USER Variable</h1> <p>在一次最近的测试中，Nessus扫描器报告了以下关键问题：</p> <p><strong>GNU Bash 本地环境变量处理命令注入 via Telnet (CVE-2014-7169) (Shellshock)</strong></p> <p>通过向远程服务器发送畸形的USER环境变量，可以成功利用此漏洞，允许执行&rsquo;id&rsquo;命令：</p>