Collaborate Disseminate
how to deserialize this object to base64
"\254\355\000\005sr\000 com.mobin.security.rsa.PublicKey\311#\337\315\375\335\204+\002\000\002L\000\010exponentt\000\026Ljava/math/BigInteger;L\000\007modulusq\000~\000\001xpsr\000\024java.math… Continue reading RSA Object Issue [closed]
I have a java deserialization vulnerability, with a poc. The poc exploits using the groovy library, and the groovy version is 2.4.19.
When searching online for a CVE related to this gadget I couldn’t find.
Is it that groovy does not agree … Continue reading Which groovy is safe from gadget chains?
I am working on a Web API that needs to call a 3rd party Web API to achieve some features. That 3rd party’s API’s design is sort of a "God API" such that it takes a generic object type to allow that single API to be used for MANY… Continue reading Insecure Deserialization in C# (.NET) using NewtonsoftJson
Are deserialization attacks possible when unmarshalling user input to non-vulnerable types using the JAXB unmarshaller?
We all know that deserializing user input to arbitrary types in Java leaves an application open to deserialization atta… Continue reading Are deserialization attacks possible when unmarshalling user input to non-vulnerable types using the JAXB unmarshaller?
I would like to analyze the authentication function of a given GWT web application. When authenticating with my credentials, I could identify that my credentials are sent via websocket in form of a binary blob. This most certainly is a ser… Continue reading GWT: Deserialize objects sent/received via websocket
Coverity shows the block of code as unsafe deserialization:
String str = OBJECT_MAPPER.writeValueAsString(body); //Body is user controlled
Ferarri myclassobj = OBJECT_MAPPER.readValue(str, Ferarri.class);
(Coverity: The virtual call res… Continue reading Coverity flags as unsafe deserialisaton. Is this vulnerable?
I’m trying to figure out if the code below is open to object injection:
<?php
// loggin level
define(‘CRIT’, 5);
define(‘ERROR’, 4);
// secret is defined somewhere in the script like this
define(‘SECRET’, ‘mYs3cr37P4… Continue reading PHP code review: is it open to object code injection through unserialize [closed]
When I try to exploit insecure deserialization using ysoserial, I found that the exploitation fails when using the >,| character in the command. Why does this happen?
I recently came across a vulnerability which was caused by unsafe deserialization (Java) and the use of the Apache Commons library commons-beanutils. The ysoserial project references commons-beanutils 1.9.2, so I thought that there might b… Continue reading Why is there no fix for the commons beanutils Java deserialization gadget?
I would like to know a somewhat general approach for white box vulnerability scanning, mainly focused around Java deserialization code bugs that could lead to RCEs (Remote Code Execution following deserialization).
So far, my current strat… Continue reading How to find a potential JSON Java deserialization code vulnerability with a whitebox approach in web server source code?