What is jarrewrite.sh?

Created 23rd January 2024
Updated 23rd January 2024

CVE-2014-6271

This is a remote code exploit against SonicWall VPN products. It wraps up the infamous ShellShock vulnerability found in OpenSSH.

The one-liner grabs a dropper, and attempts to download and execute a generic *nix-based trojan, giving the attacker control over the SonicWall VPN terminator host. The trojan has a SHA-256 hash of 464b397279bcf2d0e5ac86776166a7ca808d87570e87e37e5290b6b290ac1fc5 .

---

References

1. https://www.acunetix.com/vulnerabilities/web/sonicwall-ssl-vpn-8-0-0-0-rce-via-shellshock-exploit/
2. https://github.com/Al1ex/SonicWall
3. https://www.exploit-db.com/exploits/49499

---

Other known request paths

1. cgi-bin/jarrewrite.sh