Nytro

Deserialization vulnerability

Table of Contents

Serialization (marshaling) (p. 4)
Deserialization (unmarshaling) (p. 4)
Programming language support for serialization (p. 4)
Risks of using serialization (p. 5)
Serialization in Java (p. 6)
Deserialization vulnerability in Java (p. 6)
Code flow work (p. 11)
Vulnerability detection (p. 12)
CVE (p. 17)
Tools (p. 17)
Vulnerable libraries lead to RCE (p. 18)
Mitigation (p. 19)
Serialization in Python (p. 20)
Deserialization vulnerability in Python (p. 21)
Pickle instructions (p. 25)
Exploit vulnerability (p. 26)
CVE (p. 29)
Mitigation (p. 29)
Serialization in PHP (p. 30)
Deserialization vulnerability in PHP (p. 30)
Exploit vulnerability (p. 35)
CVE (p. 39)
Mitigation (p. 40)
Serialization in Ruby (p. 41)
Deserialization vulnerability in Ruby (p. 42)
Detect and exploit vulnerability (p. 44)
CVE (p. 53)
Tools (p. 53)
Mitigation (p. 53)
Conclusion (p. 56)

Download: https://www.exploit-db.com/docs/english/44756-deserialization-vulnerability.pdf?rss
