U.S. Dept Of Defense: Remote Code Execution (RCE) in a DoD website

ID H1:231926
Type hackerone
Reporter joaomatosf
Modified 2017-06-14T18:09:48


A remote code execution (RCE) vulnerability was found on a DoD website which could have enabled an attacker to execute remote commands on the web server. @joaomatosf was able to demonstrate this vulnerability by developing a custom script that caused the webserver to execute a benign command. This was a very clever demonstration. Thank you!