Get a free application, infrastructure and malware scan report - Scan Your Website Now

Subscribe to our Newsletter
Try AppTrana WAAP (WAF)
Managed WAF Start at $99

While the world is shell shocked, our customer are preparing for the weekend

Posted DateSeptember 26, 2014
Posted Time 2   min Read

The world is shell-shocked!

And while the system owners are busy understanding the vulnerability and are still finding out ways to detect it, attackers are not showing any mercy. We were expecting that the biggest attack surface we see for this vulnerability will be web, and now on the 2nd day of the release, we are already seeing a pattern.

‘Command injection’ is the attack category that makes a “made in heaven” match with this vulnerability. So if you have an application (especially the ones that use CGI scripts) where a bash command can be injected by exploiting this vulnerability, your imagination about a potential impact will not be enough.

IndusGuard WAF with its out of the box rules protects web applications against command injection attacks. With this new vulnerability, our team of researchers has quickly added some more patterns and signatures to protect our customers against this vulnerability (Refer: How Not to Get BASH-ed)

Yesterday, what we saw was somewhat expected, but variety & patterns are simply astounding. With one of our customers where we were doing a pilot WAF deployment, we saw command injection attempts from multiple sources and with different patterns.

While the world is shell shocked

We saw the attacker trying to inject through the cookie, headers, and even body. They might be script kiddies but they were trying all sorts of combinations to crack into the system. In this example, they were trying to run the ping utility remotely to send ICMP requests on their own server. By monitoring the ping response at their end, attackers can easily confirm if the command was executed or not and find out if the application is vulnerable. We have seen such a reconnaissance kind of activity for a multiple of our customers and are actively blocking them.

Adding more flavors to the matter, Malware research teams have identified payloads that are exploiting Bash vulnerability to create botnets for conducting DDoS. You can expect more such innovative but dangerous exploit scenarios that will shell shock the world.

Indusface WAF provides full proof of protection against this vulnerability for your web applications. Our experience (STATE OF APPLICATION SECURITY IN INDIA) suggests that a Critical vulnerability like ‘Command Injection’ may take up to 100 days to get fixed on your application, but at Indusface we are trying to ensure our customers enjoy their weekends and the upcoming festival season.

web application security banner

Spread the love

Join 47000+ Security Leaders

Get weekly tips on blocking ransomware, DDoS and bot attacks and Zero-day threats.

We're committed to your privacy. indusface uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

Related Posts

Heartbleed or Shellshock
Heartbleed or Shellshock – Which one is more danger?

There have been several atrocious security vulnerabilities announced in the last few months, with “Heartbleed” in web servers and Shellshock in shell command lines. There are too many questions in the.

Spread the love

Read More


Fully Managed SaaS-Based Web Application Security Solution

Get free access to Integrated Application Scanner, Web Application Firewall, DDoS & Bot Mitigation, and CDN for 14 days

Know More Take Free Trial


Indusface is the only cloud WAAP (WAF) vendor with 100% Customer Recommendation for 3 consecutive years.

A Customers’ Choice for 2022 and 2023 - Gartner® Peer Insights™

The reviews and ratings are in!