Questions tagged [deserialization]

10 questions
3 votes, 0 answers

Is Marshal.load safe for Marshal.dumped data

I want to serialize and deserialize models that contain user input. Marshal is a serialization library built into Ruby. By design, ::load can deserialize almost any class loaded into the Ruby process. In many cases this can lead to remote code…
Qaz • 185 • 6
1 vote, 0 answers

Why is there no fix for the commons beanutils Java deserialization gadget?

I recently came across a vulnerability which was caused by unsafe deserialization (Java) and the use of the Apache Commons library commons-beanutils. The ysoserial project references commons-beanutils 1.9.2, so I thought that there might be a later…
kaidentity • 2,634 • 13 • 30
1 vote, 0 answers

How to decode ysoserial .net payload

Is there any way to decode ysoserial .net payload? For instance I'm creating payload with: ysoserial.exe -f BinaryFormatter -o base64 -c "ping test.com" -g WindowsIdentity Is there any convenient way to reverse the payload to understand which…
K P • 11 • 1
1 vote, 0 answers

Exploit CVE-2020-0688 for older versions

I wanted to exploit CVE-2020-0688 on my IIS, where I saw that the key is the same as advertised. The problem is that my IIS is old and uses an AppPool of .NET 2 and not .NET 4. Also I can use only GET, as I don't see a POST request using the viewstate.…
1 vote, 0 answers

How do gadget chains work in relation to Java Deserialization attacks?

tl;dr I would love a detailed explanation of how user-controlled input goes from readObject to RCE. Java-specific. The background: this is my attempt to add specificity to the OP question as requested in the answer here. I have been slowly but surely…
deletehead • 632 • 4 • 9
0 votes, 0 answers

How to find a potential JSON Java deserialization code vulnerability with a whitebox approach in web server source code?

I would like to know a somewhat general approach for white box vulnerability scanning, mainly focused around Java deserialization code bugs that could lead to RCEs (Remote Code Execution following deserialization). So far, my current strategy is…
0 votes, 0 answers

How does "./" affect signature generation for files in a PHP-based web application?

I am solving a lab related to serialization vulnerabilities. It deals with retrieving files based on the signature. The theory of the lab states as quoted, "Adding ./ will still give you the same file but the application will generate a different…
0 votes, 0 answers

JSON.Net insecure deserialization

I have a question in regard to insecure deserialization with the JSON.Net component. It is my understanding that this component is safe by default unless you specify the TypeNameHandling setting to anything except for none. However, suppose you do…
0 votes, 1 answer

Is accepting arbitrary COM pointers over a process boundary safe?

I have a legacy Windows application that needs to be looked over in terms of security. During this review something caught my eye. In the out-of-process COM server I'm looking at, there is a method that accepts an arbitrary class pointer. The method…
Rick • 11 • 2
0 votes, 1 answer

Deserialization Opportunity?

I have minimal experience exploiting deserialization vulnerabilities and I am working on and I have identified the following URL endpoint. This is it URL…