What is Remote Code Execution (RCE) ?
Remote Code Execution (RCE) vulnerability is a security flaw that allows attackers to execute malicious code on a target system. This can result in complete system compromise, data theft, or damage. To prevent RCE vulnerabilities, developers should use secure coding practices, such as input validation, and implement security measures such as intrusion detection systems and web application firewalls. Regular security testing can also help identify and address potential RCE vulnerabilities.
The Story
Bug Hunter called “Th3g3nt3lman” has discovered a critical vulnerability in the Apache Struts2 framework that could lead to RCE. The vulnerability, known as CVE-2017–5638, was already widely known. So the hunter leveraged an easy-to-use exploit that was publicly available.
Based on the write-up, during the reconnaissance process, the researcher stumbled upon a login page for the Selligent Messages studio solution used by Yahoo. He found an endpoint indicating that the application was using Struts2.
After failing to find vulnerabilities, the researcher discovered a payload that could bypass a web application firewall (WAF) and exploit the RCE vulnerability.
The detection method involved using the Content-Type HTTP header to send a specially crafted packet that would request the web server to perform a calculation. The response from the web server confirmed that the server was vulnerable.
Th3g3nt3lman reported the vulnerability to Yahoo through HackerOne, and the company took the application offline to fix the issue. The fix was confirmed, and within a week, Th3g3nt3lman was awarded $5500 for the finding.
This story serves as a reminder of the importance of continuous learning and sharing in the field of security research and the potential rewards for finding and reporting vulnerabilities responsibly.
How to Prevent RCE (Remote Code Execution)?
Here are some steps to prevent RCE vulnerabilities:
- Keep software up-to-date: Ensure that all software, including web servers, applications, and operating systems are kept up-to-date with the latest patches and security updates. This will help to eliminate known vulnerabilities that attackers could exploit.
- Use proper input validation: Implement input validation techniques that can prevent malicious input from being processed by the system. This can include input sanitization techniques, such as filtering and escaping, to ensure that user input does not contain malicious code.
- Implement proper authentication and authorization: Implement strong authentication and authorization mechanisms to prevent unauthorized access to sensitive data and functionality. This can include using strong passwords, two-factor authentication, and role-based access control.
- Use code signing: Code signing can help to ensure that only trusted code is executed on the system. This involves using digital signatures to verify the authenticity and integrity of code before it is executed.
- Use a web application firewall: A web application firewall (WAF) can help to prevent RCE vulnerabilities by filtering out malicious requests and traffic. WAFs can be configured to block known attack patterns and signatures, reducing the risk of successful attacks.
By following these steps, developers can help to prevent RCE vulnerabilities and keep their systems secure from attackers.
Link to full write up: here
Save the PDF here