- https://wiki.owasp.org/index.php/Testing_for_Code_Injection_(OTG-INPVAL-012)
- https://wiki.owasp.org/index.php/Testing_for_Command_Injection_(OTG-INPVAL-013)
- How To Exploit PHP Remotely To Bypass Filters & WAF Rules
- [2020] - https://research.nccgroup.com/2020/07/05/rift-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902-intelligence/
- [2020] - Apache Tomcat RCE by deserialization (CVE-2020-9484) – write-up and exploi
- [2020] - SQL Injection Double Uppercut :: How to Achieve Remote Code Execution Against PostgreSQL
- [2020] - Remote code execution on Basecamp.com
- [2020] - Blind SSRF in /appsuite/api/oxodocumentfilter&action=addfile
- [2020] - GitLab-Runner on Windows `DOCKER_AUTH_CONFIG` container host Command Injection
- [2020] - FULL INFRASTRUCTURE TAKEOVER OF VMWARE CLOUD DIRECTOR (CVE-2020-3956)
- [2020] - Remote Code Execution in Three Acts: Chaining Exposed Actuators and H2 Database Aliases in Spring Boot 2
- [2020] - How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM
- [2020] - Remote Code Execution (Reverse Shell) - File Manager
- [2019] - Information disclosure of secret_key_base via encoding charcters
- [2019] - LFI with potential to RCE on ██████ using CVE-2019-3396
- [2019] - User-assisted RCE in Slack for macOS (from official site)
- [2019] - Webshell via File Upload on ecjobs.starbucks.com.cn
- [2019] - Keybase client: downloaded executables lack "com.apple.quarantine" meta-attribute [macOS]
- [2019] - Slack - User-assisted RCE in Slack for macOS (from official site) due to improper quarantine meta-attribute handling for downloaded files
- [2019] - Valve - Unchecked weapon id in WeaponList message parser on client leads to RCE
- [2019] - Remote Code Execution on www.semrush.com/my_reports on Logo upload
- [2019] - Local files could be overwritten in GitLab, leading to remote command execution
- [2019] - Potential pre-auth RCE on Twitter VPN
- [2019] - U.S. Dept Of Defense - RCE on █████ via CVE-2017-10271
- [2019] - RCE and Complete Server Takeover of http://www.█████.starbucks.com.sg/
- [2019] - Handlebars template injection and RCE in a Shopify app
- [2019] - Remote Code Execution At Api.PrivateProgram.Com (CVE-2017-5638)
- [2018] - Remote Code Execution on a Facebook server
- [2018] - [CVE-2018-18312] regcomp: heap-buffer-overflow write / reg_node overrun
- [2018] - RCE due to ShowExceptions
- [2018] - RCE using bash command injection on /system/images (toimitilat.lahitapiola.fi)
- [2018] - RCE in `chrome://brave` available for navigation in Release build
- [2018] - Remote Code Execution on Proxy Service (as root)
- [2018] - How an Instagram’s Story drives me to a Remote Code Execution
- [2018] - $36k Google App Engine RCE
- [2018] - Latex to RCE, Private Bug Bounty Program
- [2018] - Remote Command execution due to image tragick
- [2018] - Vanilla Forums ImportController index file_exists Unserialize Remote Code Execution Vulnerability
- [2018] - Vanilla Forums Gdn_Format unserialize() Remote Code Execution Vulnerability
- [2018] - Vanilla Forums domGetImages getimagesize Unserialize Remote Code Execution Vulnerability (critical)
- [2017] - Facebook's Imagetragick Story
- [2017] - Exploiting Node.js deserialization bug for Remote Code Execution
- [2017] - Taking note: XSS to RCE in the Simplenote Electron client
- [2017] - How I got 5500$ from Yahoo for RCE
- [2017] - How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!
- [2017] - Yahoo! RCE via Spring Engine SSTI
- [2017] - Command Injection in Yahoo Acquisition
- [2017] - RCE in Imgur by Command Line
- [2017] - RCE in Jenkin Instance
- [2016] - How I Hacked Facebook, and Found Someone's Backdoor Script
- [2016] - How we broke PHP, hacked Pornhub and earned $20,000
- [2016] - Remote Code Execution by impage upload!
- [2016] - How I hacked Pornhub for fun and profit - 10,000$
- [2016] - JetBrains IDE Remote Code Execution and Local File Disclosure
- [2016] - Google Cloud Remote Command Injection (RCE)
- [2016] - PayPal Node.js code injection (RCE)
- [2016] - Gitlab - Read files on application server, leads to RCE
- [2016] - uber.com may RCE by Flask Jinja2 Template Injection
- [2015] - JDWP Remote Code Execution in PayPal
- [2015] - Telekom.de Remote Command Execution!
- [2015] - Magento Remote Code Execution Vulnerability!
- [2014] - RCE deal to tricky file upload
- [2013] - XXE in OpenID Led to RCE
- [2013] - Yahoo Bug Bounty - *.login.yahoo.com Remote Code Execution
- [2013] - eBay PHP Parameter Injection lead to RCE