Get the Whitepaper called Blind SSRF with Shellshock Exploitation. It discusses how an attacker can leverage shellshock to also perform server-side request forgery attacks.
You can download it from the following link: https://packetstormsecurity.com/files/download/160914/Blind-SSRF-with-Shellshock-Exploitation.pdf
Source: https://packetstormsecurity.com/files/160914/Blind-SSRF-With-Shellshock-Exploitation.html