Contents
References
- Portswigger: OS Command Injection
- Beyond the wall: command injection still alive.
- Blind OS Command Injection
- Command Injection Through BLH
- Command Injection PoC
- Digging in to SCP Command Injection
- Unauthenticated RSFTP to Command Injection
- Command Injection Without Spaces
- Command injection which got me “6000$” from #Google
- FULL INFRASTRUCTURE TAKEOVER OF VMWARE CLOUD DIRECTOR (CVE-2020-3956)
- Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2
- How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM
- Remote Code Execution At Api.PrivateProgram.Com (CVE-2017-5638)
- Remote Code Execution on a Facebook server
- RCE due to ShowExceptions
- How an Instagram’s Story drives me to a Remote Code Execution
- $36k Google App Engine RCE
- Latex to RCE, Private Bug Bounty Program
- Facebook’s Imagetragick Story
- Exploiting Node.js deserialization bug for Remote Code Execution
- Taking note: XSS to RCE in the Simplenote Electron client
- How I got 5500$ from Yahoo for RCE
- How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!
- Yahoo! RCE via Spring Engine SSTI
- Command Injection in Yahoo Acquisition
- RCE in Jenkin Instance
- How I Hacked Facebook, and Found Someone’s Backdoor Script
- How we broke PHP, hacked Pornhub and earned $20,000
- How I hacked Pornhub for fun and profit - 10,000$
- JetBrains IDE Remote Code Execution and Local File Disclosure
- PayPal Node.js code injection (RCE)
- JDWP Remote Code Execution in PayPal
- Telekom.de Remote Command Execution!
- Magento Remote Code Execution Vulnerability!
- RCE deal to tricky file upload
- XXE in OpenID Led to RCE
- Yahoo Bug Bounty - *.login.yahoo.com Remote Code Execution
- eBay PHP Parameter Injection lead to RCE