12REMOTE CODE EXECUTION
A remote code execution (RCE) vulnerability occurs when an application uses user-controlled input without sanitizing it. RCE is typically exploited in one of two ways. The first is by executing shell commands. The second is by executing functions in the programming language that the vulnerable application uses or relies on.
Executing Shell Commands
You can perform RCE by executing shell commands that the application doesn’t sanitize. A shell gives command line access to an operating system’s services. As an example, let’s pretend the site www.<example>.com is designed to ping a remote server to confirm whether the server ...