Question

Remote code execution ( RCE) occurs when an attacker can execute arbitrary code on a target machine because of a vulnerability or misconfiguration. RCEs are extremely dangerous, as attackers can often ultimately compromise the web application or even the underlying web server.

远程代码执行（RCE）是指由于漏洞或配置错误，攻击者能够在目标计算机上执行任意代码。 RCE 非常危险，因为攻击者通常可以最终破坏 Web 应用程序甚至基础 Web 服务器。

There is no singular technique for achieving RCE. In previous chapters, I noted that attackers can achieve it via SQL injection, insecure deserialization, and template injection. In this chapter, we’ll discuss two more strategies that may allow you to execute code on a target system: code injection and file inclusion vulnerabilities.

没有一种单一的技术可以实现 RCE。在之前的章节中，我指出攻击者可以通过 SQL 注入、不安全的反序列化和模板注入来实现。在这一章中，我们将讨论另外两种策略，可能允许你在目标系统上执行代码：代码注入和文件包含漏洞。

Before we go on, keep in mind that developing RCE exploits often requires a deeper understanding of programming, Linux commands, and web application development. You can begin to work toward this once you get the hang of finding simpler vulnerabilities.

在我们继续之前，请记住，开发 RCE 漏洞通常需要更深入的编程，Linux 命令和 Web 应用程序开发的理解。一旦您掌握了查找更简单漏洞的方法，就可以开始朝着这个方向努力。