What is Remote Code Execution in Web Applications?

Remote Code Execution (RCE) occurs when an attacker exploits a Code Injection vulnerability to execute code on the target machine. This is nearly as bad as someone taking full control over your server.

For example, if a PHP script on your website has a Code Injection vulnerability that leads to Remote Code Execution, the attacker could inject code into the page and execute any code the system would allow.

For example, let's say there is a form on your website. When the form is completed and the submit button is clicked, the site processes the form data. Imagine if you could put code into those fields and submit the form, and that code would then be executed.

You may not be aware, but server-side programming languages like PHP and Python can execute system commands. This means that through PHP I can invoke commands like…

  • rm
  • ls
  • cd
  • cat

If you are unfamiliar with these Linux commands, they could allow someone to view, edit and delete files on your account.
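
The form scenario above, as an added example that is not from the original article: a handler that pastes a form field into a shell command, next to a hardened version that validates the field and never involves a shell. It is written in Python (one of the two languages named above) and assumes a POSIX system; the function names, the field pattern and the sample input are all constructed for illustration.

```python
import re
import subprocess

# Constructed sample: text a hostile visitor might type into a form field.
HOSTILE_FIELD = "report.txt; echo INJECTED"

# Allow-list for the field: starts with a letter or digit (so it can never
# look like a command-line option), then only letters, digits, '_', '.', '-'.
ALLOWED_FIELD = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")


def run_vulnerable(field: str) -> str:
    """Pattern to avoid: form data concatenated into a shell command."""
    command = "echo processing " + field
    # shell=True hands the whole string to /bin/sh, which treats ';' as a
    # command separator, so the visitor's text runs as a second command.
    done = subprocess.run(command, shell=True, capture_output=True, text=True)
    return done.stdout


def run_without_shell(field: str) -> str:
    """Argument list and no shell: the field is one argv entry, only data."""
    done = subprocess.run(["echo", "processing", field],
                          capture_output=True, text=True)
    return done.stdout


def handle_form(field: str) -> str:
    """Hardened handler: validate against the allow-list, then avoid the shell."""
    if not ALLOWED_FIELD.fullmatch(field):
        raise ValueError("form field rejected")
    return run_without_shell(field)


if __name__ == "__main__":
    print(run_vulnerable(HOSTILE_FIELD))     # two commands ran
    print(run_without_shell(HOSTILE_FIELD))  # one command, text echoed as data
    print(handle_form("report.txt"))         # normal input is processed
    try:
        handle_form(HOSTILE_FIELD)
    except ValueError as err:
        print("blocked:", err)
```

The two defences are independent: dropping the shell removes the injection point, and the allow-list rejects unexpected input before any command is built.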

Recent Examples of Remote Code Execution in Modern Web Applications

Drupalgeddon & Drupalgeddon 2

Back in 2014 Drupal had a SQL Injection vulnerability. The Drupal security team said that if a site was not patched within four hours of the public announcement, you were probably already compromised.

In March of 2018 another vulnerability in Drupal was found which allowed Remote Code Execution.  This was announced in CVE-2018-7600 with the description…

“Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.”

Modx Revolution < 2.6.4

ModX Revolution recently announced a security fix for a Remote Code Execution attack [see ModX Revolution remote code execution]. Again, this allowed attackers to remove files and folders, execute remote scripts and run other system commands.

How To Protect Against Remote Code Execution and Code Injection attacks?

Again, Remote Code Execution is a severe security vulnerability which needs to be patched as soon as possible.

If you are using a common CMS, simply updating to the latest version will most likely resolve the issue. To prevent them in the first place, it is highly recommended that you add a Web Application Firewall to your site, such as Wordfence or Cloudflare, as soon as possible. These can patch or prevent many vulnerabilities.

Remember:

  • Always keep your website up to date
  • Use a Web Application Firewall
  • Remove all unused plugins and themes