id: header-command-injection info: name: Header - Remote Command Injection author: geeknik severity: critical description: Headers were tested for remote command injection vulnerabilities. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cwe-id: CWE-77 metadata: max-request: 7650 tags: fuzz,rce http: - raw: - | GET /?{{header}} HTTP/1.1 Host: {{Hostname}} {{header}}: {{payload}} payloads: header: helpers/payloads/request-headers.txt payload: helpers/payloads/command-injection.txt attack: clusterbomb host-redirects: true stop-at-first-match: true matchers-condition: or matchers: - type: word words: - "uid=" - "gid=" - "groups=" condition: and - type: regex regex: - "root:.*:0:0:" # digest: 4a0a0047304502204759dd7d3a06f44828506cff0299f2da419f227da6a08d2e288c4031b56fefe2022100efe3194b51a50895d4da740455676ca078ca6cd3a9c9ab1bbab51c0ed6a7fe36:922c64590222798bb761d5b6d8e72950