O'Reilly logo

Real-World Bug Hunting by Peter Yaworski

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

12REMOTE CODE EXECUTION

Image

A remote code execution (RCE) vulnerability occurs when an application uses user-controlled input without sanitizing it. RCE is typically exploited in one of two ways. The first is by executing shell commands. The second is by executing functions in the programming language that the vulnerable application uses or relies on.

Executing Shell Commands

You can perform RCE by executing shell commands that the application doesn’t sanitize. A shell gives command line access to an operating system’s services. As an example, let’s pretend the site www.<example>.com is designed to ping a remote server to confirm whether the server ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required