id: header-command-injection info: name: Header Command Injection author: geeknik severity: high description: Fuzzing headers for command injection tags: fuzz,rce requests: - payloads: header: helpers/payloads/request-headers.txt payload: helpers/payloads/command-injection.txt raw: - | GET /?§header§ HTTP/1.1 Host: {{Hostname}} User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 §header§: §payload§ Connection: close attack: clusterbomb redirects: true matchers-condition: or matchers: - type: word words: - "uid=" - "gid=" - "groups=" condition: and - type: regex regex: - "root:.*:0:0:"