We talk about remote code execution, often a holy grail bug with bounties getting upwards of $1k and a scary amount of impact. We're going to break down what they are and what people's first RCEs often are, then we chat about CVEs and how to exploit them. Finally, I give some interesting RCEs and explain the process of finding them.
Welcome to the first video in the Bug In Focus series. This series is going to be all about breaking down those really hard, advanced bugs and explaining how they were found, what they are, what you need to know and how they were exploited. These videos are not going to be tutorials; instead they present some interesting bugs. It's important to expose yourself to more advanced techniques even if you don't 100% understand what's happening.
Links
- Orange Tsai - Infiltrating Corporate Intranet Like NSA Preauth RCE - DEF CON 27 Conference: • Orange Tsai - Infiltra...
- Rez0 - My first RCE: a tale of good ideas and good friends: rezo.blog/hacking/2019/11/29/...
- Strynx - Abusing ImageMagick to Obtain RCE: strynx.org/imagemagick-rce/
- Spaceraccoon - Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2: spaceraccoon.dev/remote-code-...
- Neex - RCE by command line argument injection to `gm convert` in `/edit/process?a=crop`: hackerone.com/reports/212696
- mrnbayoh - Insufficient sanitizing can lead to arbitrary commands execution: hackerone.com/reports/494979
- Spaceraccoon - RCE and Complete Server Takeover of www.█████.starbucks.com.sg/: hackerone.com/reports/502758
- Orange Tsai - Potential pre-auth RCE on Twitter VPN: hackerone.com/reports/591295 & blog.orange.tw/2019/09/attack...