id: header-command-injection info: name: Header - Remote Command Injection author: geeknik severity: critical description: Headers were tested for remote command injection vulnerabilities. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cwe-id: CWE-77 metadata: max-request: 7650 tags: fuzzing,bruteforce,rce http: - raw: - | GET /?{{header}} HTTP/1.1 Host: {{Hostname}} {{header}}: {{payload}} payloads: header: helpers/payloads/request-headers.txt payload: helpers/payloads/command-injection.txt attack: clusterbomb host-redirects: true stop-at-first-match: true matchers-condition: or matchers: - type: word words: - "uid=" - "gid=" - "groups=" condition: and - type: regex regex: - "root:.*:0:0:" # digest: 4a0a0047304502203dfb9d94713bdd57f01a1037a1a475e92c22c7f2917019840a194b6d93960fe5022100d2d94c46b98286546a9bd02fe1229a1fb36b8d4e40d0dd981d1ad31662ab0a3c:922c64590222798bb761d5b6d8e72950