Task 3: Passing Data to Bash via Environment Variable To exploit a Shellshock vulnerability in a Bash-based CGI program, attackers need to pass their data to the vulnerable Bash program, and the data need to be passed via an environment variable. In this task, we need to see how we can achieve this goal. You can use the following CGI program to demonstrate that you can send out an arbitrary string to the CGI program, and the string will show up in the content of one of the environment variables.

#!/bin/bash_shellshock

echo "Content-type: text/plain"

echo

echo "******Environment Variables******"

strings /proc/$$/environ line1

In the code above, Line1 prints out the contents of all the environment variables in the current process. If your experiment is successful, you should be able to see your data string in the page that you get back from the server. In your report, please explain how the data from a remote user can get into those environment variables.