Today, a critical and trivially remotely exploitable vulnerability was announced in bash. To help users of our Vega web application scanner identify it, we have released a basic standalone module that detects this vulnerability in web applications.
The module works by injecting test cases into certain HTTP header values as well as any web application form/query parameters. This should be adequate to detect the vulnerability in CGI setups, where HTTP header values are turned into bash environment variables, and also in cases where user-supplied input is passed through functions that spawn subshells, such as system(), exec() and popen() in various languages. We will refine the module as more information becomes available and as we are able to test it further.
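To make the CGI case concrete from the defender's side, the following added example (not the Vega module's code) rebuilds the client-controlled environment a CGI child process receives under the RFC 3875 naming rules and flags any variable whose value starts with the `() {` prefix bash uses for functions passed through the environment. The function names, the sample headers and the host name are constructed for illustration.

```python
import re

# RFC 3875: each request header becomes a meta-variable named HTTP_<NAME>,
# upper-cased with "-" replaced by "_". Two headers get unprefixed names.
SPECIAL = {"content-type": "CONTENT_TYPE", "content-length": "CONTENT_LENGTH"}

# bash treats an environment value that starts with "() {" as a function
# definition. Matched loosely here to tolerate whitespace variations.
FUNC_PREFIX = re.compile(r"^\s*\(\)\s*\{")


def cgi_environment(headers, query_string=""):
    """Return the client-controlled part of the environment a CGI child sees."""
    env = {"QUERY_STRING": query_string}
    for name, value in headers.items():
        key = SPECIAL.get(name.lower())
        if key is None:
            key = "HTTP_" + name.upper().replace("-", "_")
        env[key] = value
    return env


def suspicious_variables(env):
    """Names of variables whose value bash would try to parse as a function."""
    return sorted(k for k, v in env.items() if FUNC_PREFIX.match(v))


# Constructed sample request (not taken from real traffic).
SAMPLE_HEADERS = {
    "Host": "app.example.test",
    "User-Agent": "() { :; }; <placeholder-command>",
    "Accept-Language": "en-GB",
    "Content-Type": "application/x-www-form-urlencoded",
}

if __name__ == "__main__":
    env = cgi_environment(SAMPLE_HEADERS, "id=7")
    flagged = suspicious_variables(env)
    for name in sorted(env):
        note = "  <-- function-definition prefix" if name in flagged else ""
        print(f"{name}={env[name]!r}{note}")
```

The same two functions can be pointed at headers parsed from proxy or web server logs to find requests that probed a CGI endpoint.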
The module can be obtained here. It can be installed simply by adding it to the ‘vega/scripts/scanner/modules/injection/’ directory.
Due to the seriousness of this vulnerability, we also strongly advise everybody to install patches immediately.