Exploiting Java Deserialization Vulnerabilities (RCE) on JSF/Seam Applications with JexBoss – DigitalMunition





Published on February 28th, 2017 | 3169 Views

JexBoss: https://github.com/joaomatosf/jexboss
Many Java applications built on the JavaServer Faces (JSF) or Seam frameworks keep serialized Java objects on the client side, either to persist the state of the view (e.g. javax.faces.ViewState) or in other form fields. When the client sends these serialized objects back to the server (for example, when submitting data in a POST form), by default they are deserialized without proper sanitization. This allows deserialization attacks through several inputs that are very common, mainly in JSF and Seam applications.
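To audit your own application for the exposure described above, the following added example (not from the video or from JexBoss) scans a captured POST body for form fields that carry a Java serialized object. It assumes the fields are Base64-encoded and optionally gzip-compressed; the function names and the sample request are constructed for illustration.

```python
import base64
import binascii
import gzip
import zlib
from urllib.parse import parse_qsl, urlencode

JAVA_MAGIC = b"\xac\xed\x00\x05"  # ObjectOutputStream header: STREAM_MAGIC + STREAM_VERSION
GZIP_MAGIC = b"\x1f\x8b"


def classify(value):
    """Return how a field value encodes a Java serialized stream, or None."""
    # Tolerate URL-safe Base64, '+' decoded as space, and stripped padding.
    text = value.strip().replace(" ", "+").replace("-", "+").replace("_", "/")
    text += "=" * (-len(text) % 4)
    try:
        raw = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return None
    if raw.startswith(JAVA_MAGIC):
        return "base64"
    if raw.startswith(GZIP_MAGIC):
        try:
            # Inflate only the first bytes: enough for the header, bounded in memory.
            head = zlib.decompressobj(31).decompress(raw, 16)
        except zlib.error:
            return None
        if head.startswith(JAVA_MAGIC):
            return "base64+gzip"
    return None


def find_serialized_fields(body):
    """List (field, encoding) for every form field carrying a serialized object."""
    hits = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        kind = classify(value)
        if kind:
            hits.append((name, kind))
    return hits


# Constructed sample request: the stream is a harmless serialized String "hello".
_STREAM = JAVA_MAGIC + b"\x74\x00\x05hello"
SAMPLE_BODY = urlencode({
    "javax.faces.ViewState": base64.b64encode(gzip.compress(_STREAM)).decode(),
    "token": base64.b64encode(_STREAM).decode(),
    "name": "alice",
    "comment": base64.b64encode(b"just some text").decode(),
})

if __name__ == "__main__":
    for field, kind in find_serialized_fields(SAMPLE_BODY):
        print(f"{field}: Java serialized object ({kind})")
```

A field that the framework encrypts will not match, so an empty result does not by itself show that client-side state is absent. Every hit is an input whose server-side deserialization should be reviewed.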


2017-02-28 04:04:23
