Once upon a time I saw a post at vulndev.
It was an excellent idea to write about 'how you can find RCE vuln in webapp'.
You can be a good coder, or a great auditor, that's great. But maybe to
'see' (or better, 'imagine') what can be done via this vulnerability, you should
'see' it on your own 'learning-localhost-server' ;]
Check it out: the screen below shows 'one of a few webapps' that is vulnerable. The PoC code is a simple GET request
(via browser, via python, GET.sh, whatever you want...).
Ideas about fixing and finding this kind of vulnerability you will easily find on OWASP's pages.
There is no reason to write it here again, and again... ;]
If you have any questions about how to find this or other bugs/vulns, just mail me
a few words about it. :)
Have a nice day!