Back to directory

WRITEUP #2031

Remote Code Execution by Abusing Apache Spark SQL

SQL InjectionRCE

byColin McQueen

Program

-

Published

Oct 24, 2022

Added to HackDex

Nov 1, 2022

Read Full Writeuphttps://blog.stratumsecurity.com/2022/10/24/abusing-apache-spark-sql-to-get-code-execution/

▸ RELATED WRITEUPS

Exploiting authorization by nonce in WordPress plugins

RCEArbitrary file upload

Vulnerabilities in Open Source C2 Frameworks

RCEOS command injection

[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package

RCEDependency confusion

Attacking PowerShell CLIXML Deserialization

DeserializationInsecure deserialization

Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS

RCEArbitrary file write

Built with ❤️ by Shubham Rawat