Hi Reader,
We came up with another list of RCE Infosec writeups from the best bug bounty hunters and Hackers worldwide.
Remote Code Execution (RCE) Reports
- [RCE] Remote code execution at api.PrivateProgram.com (CVE-2017-5638)
- Dell KACE K1000 Remote Code Execution — the Story of Bug K1–18652
- Handlebars template injection and RCE in a Shopify app
- Leaked Salesforce API access token at IKEA.com
- Comma is forbidden! No worries!! Inject in insert/update queries without it
- Discovering a zero day and getting code execution on Mozilla’s AWS Network
- WordPress 5.1 CSRF to Remote Code Execution
- Escalating SSRF to RCE
- Fixed : Brute-force Instagram account’s passwords
- Bug Bounty 101 — Always Check The Source Code
- How I hacked ASUS?
- Magento – RCE & Local File Read with low privilege admin rights
- Change the payment account of any Facebook commerce page
- Expose business email and payment account balance of any Facebook commerce page.
- Bruteforce Instagram account’s passwords (lack of rate limiting protection).
- RCE in nokia.com
- Story of my two (but actually three) RCEs in SharePoint in 2018
- Token Brute-Force to Account Take-over to Privilege Escalation to Organization Take-Over
- RCE in Hubspot with EL injection in HubL
- GitHub Desktop RCE (OSX)
- Pwning eBay - How I Dumped eBay Japan’s Website Source Code
- Facebook Source Code Disclosure in ads API
- XS-Searching Google’s bug tracker to find out vulnerable source code
- HackenProof Customer Story: Uklon
- #BugBounty — How I was able to download the Source Code of India’s Largest Telecom Service Provider including dozens of more popular websites!
- Path traversal while uploading results in RCE
- Microsoft Edge Remote Code Execution
- RCE Unsecure Jenkins Instance | Bug Bounty POC
- Simple Login Brute Force / Current Password Requirement Bypass
- How I could download the source code of an Indian e-commerce website!!
- Traversing the Path to RCE
- How I Chained 4 Bugs(Features?) into RCE on Amazon Collaboration System
- RCE due to ShowExceptions
- RCE on Yahoo Luminate
- Latex to RCE, Private Bug Bounty Program
- How I got hall of fame in two fortune 500 companies — An RCE story…
- $36k Google App Engine RCE
- How I found 2.9 RCE at Yahoo! Bug Bounty program
- #BugBounty — How I was able to bypass firewall to get RCE and then went from server shell to get root user account!
- #BugBounty — ”Journey from LFI to RCE!!!”-How I was able to get the same in one of the India’s popular property buy/sell company.
- Source Code Analysis in YSurvey — Luminate bug
- Facebook BugBounty: Intercept incoming friend requests of Victim add/accept to your facebook account
- #BugBounty — API keys leakage, Source code disclosure in India’s largest e-commerce health care company.
- RCE Vulnerabilite in Yahoo Subdomain! ( Yahoo! RCE via Spring Engine SSTI ) By tghawkins
- Content Injection in DuoLingo’s TinyCards App for Android [CVE-2017-16905]
- Unrestricted File Upload to RCE | Bug Bounty POC
- Getting a RCE — CTF Way
- Sensitive data exposure by requesting a resource with a different content type
- Exploiting Insecure Cross Origin Resource Sharing ( CORS ) | api.artsy.net
- How I Chained 4 vulnerabilities on GitHub Enterprise, From SSRF Execution Chain to RCE!
- May the Shells be with You - A Star Wars RCE Adventure!
- CVE-2017-10711: Reflected XSS vulnerability in SimpleRisk – Open Source Risk Management System
- How I got 5500$ from Yahoo for RCE
- Pivoting from blind SSRF to RCE with HashiCorp Consul
- Ok Google, Give Me All Your Internal DNS Information!
- [demo.paypal.com] Node.js code injection (RCE)
- Remote Code Execution (RCE) on Microsoft’s ‘signout.live.com’
- Twitter’s Vine Source code dump - $10080
- InstaBrute: Two Ways to Brute-force Instagram Account Credentials
- Hacking Magento eCommerce For Fun And 17.000 USD
- Ubiquiti Bug Bounty: UniFi v3.2.10 Generic CSRF Protection Bypass
- [manager.paypal.com] Remote Code Execution Vulnerability
- Instagram’s Million Dollar Bug
- CVE-2014-7216: A Journey Through Yahoo’s Bug Bounty Program
- Flickr API Explorer – Force users to execute any API request.
- Google Bug Bounty: Nice Catch on Google Cloud Platform Live
- Magix Bug Bounty: magix.com (RCE, SQLi) and xara.com (LFI, XSS)
- PayPal Bug Bounty: PayPaltech.com E-Mail Injection
- PayPal Bug Bounty: PayPaltech.com XSS
If you want to submit your writeups in the list. Submit Here