id: header-command-injection info: name: Header Command Injection author: geeknik severity: high description: Fuzzing headers for command injection tags: fuzz,rce requests: - raw: - | GET /?{{header}} HTTP/1.1 Host: {{Hostname}} {{header}}: {{payload}} payloads: header: helpers/payloads/request-headers.txt payload: helpers/payloads/command-injection.txt attack: clusterbomb redirects: true stop-at-first-match: true matchers-condition: or matchers: - type: word words: - "uid=" - "gid=" - "groups=" condition: and - type: regex regex: - "root:.*:0:0:"