Simple Remote Code Execution Vulnerability Examples for Beginners

#Example 1 — Unrestricted File Upload 1

Uploading the webshell file with ../ attack
Path traversal fuzz list from Burp Payloads
Configuring the file name from Payload Processing -> Match/Replace rule
Accessing the shell from root directory afterwards

#Example 2— Unrestricted File Upload 2

Uploading asp shell to the server

#Example 3— Known RCE Exploitation

Running the msf module for vulnerable host
The second step of exploitation on the exploit code
  • system command from php for running OS command.
  • whoami os command for returning the result.
Manual base64 decode of the payload
Whoami command output

#Example 4 — Application Level Command Injection

Expression creation page
Injection Java Code to the custom expressions
A case which is created within the malicious expression returned “nt authority/system” from the Java code

Last Words

--

--

--

Independent Bug Bounty Hunter & Offensive Security Consultant

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

AUDIT SOLIDITY SOON

{UPDATE} Heart Bingo Hack Free Resources Generator

FLy Staking campaign winners

{UPDATE} SuperTrains Hack Free Resources Generator

{UPDATE} Madrid Zombi 2 Hack Free Resources Generator

Beware of False Conclusions in Cybersecurity

Privacy Series: Online Tracking & DNT

{UPDATE} Pixel Cup Soccer 16 Hack Free Resources Generator

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ozgur Alp

Ozgur Alp

Independent Bug Bounty Hunter & Offensive Security Consultant

More from Medium

One-liner Bug Bounty Tips

BUG BOUNTY HUNTER — HOW TO START || WHERE TO START

THM’s Alfred — Walkthrough

I found an IDOR vulnerability in my college website!