Description
Remote Command Execution also known as Arbitrary Code Execution, is a vulnerability that allows an attacker to remotely run malicious code within the target system on the local network or over the Internet. RCE can be exploited if the user's input is injected into a File or a String and executed (evaluated) by the programming language's parser, thus possibly giving the attackers a chance to fully compromise the vulnerable server/application. Usually, this behavior is not intended by the developers.
The attack is usually prefaced by reconnaissance and information gathering, in which the attacker uses automated scanning tools to identify the vulnerable version of the software. Once identified, the attacker tries to leverage exploitation scripts to execute commands hoping to gain local administrative access on the host
Attack Scenario
An attacker who can execute a Remote Code based attack on a system successfully would be able to execute commands that enable the attacker to read, write, delete, or execute files by taking advantage of the programming language or web server, which could eventually lead to taking control over the whole server hosting the vulnerable application/service.
Mitigation
- Prevent passing any user-controlled input to system callbacks or evaluation functions, considering the mantra of zero trust.
- Don't let the user decide the extension or content of files uploaded to the server and use secure practices for restricted file uploads.
- Don't try to blacklist special chars or function names, it's impossible to implement and there is always workarounds and bypasses.
ID: 40003