Exploiting Java Deserialization Vulnerabilities (RCE) on JSF/Seam Applications with JexBoss

Published on February 28th, 2017




JexBoss: https://github.com/joaomatosf/jexboss
Many Java applications built on the JavaServer Faces (JSF) or Seam frameworks keep serialized Java objects on the client side to persist the state of the view (e.g. javax.faces.ViewState) or in other form fields. When the client sends these serialized objects back to the server (for example, when submitting data in a POST form), they are by default deserialized without proper sanitization. This allows deserialization attacks through multiple, very frequently used inputs (mainly in JSF and Seam applications).
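
A defensive check for the exposure described above, as an added example that is not from the video or from JexBoss: it classifies submitted form field values by whether they decode to a readable Java object stream (magic bytes AC ED 00 05), directly or under gzip. The function names and the sample form are assumptions constructed for illustration.

```python
import base64, binascii, gzip, urllib.parse, zlib

JAVA_MAGIC = b"\xac\xed\x00\x05"  # STREAM_MAGIC + STREAM_VERSION written by ObjectOutputStream
GZIP_MAGIC = b"\x1f\x8b"

def classify_field(value: str) -> str:
    """Return 'java-serialized', 'gzip-java-serialized', 'opaque' or 'not-base64'."""
    raw = urllib.parse.unquote(value.strip())      # undo URL-encoding from a captured POST body
    if not raw:
        return "not-base64"
    raw += "=" * (-len(raw) % 4)                   # tolerate stripped base64 padding
    try:
        data = base64.b64decode(raw, validate=True)
    except (binascii.Error, ValueError):
        return "not-base64"                        # e.g. a server-side state token
    if data.startswith(JAVA_MAGIC):
        return "java-serialized"
    if data.startswith(GZIP_MAGIC):
        try:
            inner = gzip.decompress(data)
        except (OSError, EOFError, zlib.error):
            return "opaque"
        if inner.startswith(JAVA_MAGIC):
            return "gzip-java-serialized"
    return "opaque"                                # encrypted, MACed or unrelated data

def audit_form(fields: dict) -> dict:
    """Map field name -> finding for each field carrying a readable Java object stream."""
    findings = {}
    for name, value in fields.items():
        kind = classify_field(value)
        if kind.endswith("java-serialized"):
            findings[name] = kind
    return findings

def b64(blob: bytes) -> str:
    return base64.b64encode(blob).decode()

# Constructed sample data: a harmless serialized java.lang.String "hello".
HARMLESS_OBJECT = JAVA_MAGIC + b"t\x00\x05hello"
SAMPLE_FORM = {                                    # hypothetical form, built for this example
    "javax.faces.ViewState": urllib.parse.quote(b64(HARMLESS_OBJECT), safe=""),
    "cart": b64(gzip.compress(HARMLESS_OBJECT)),
    "token": b64(bytes(range(16, 48))),            # stands in for an encrypted value
    "comment": "j_id1:j_id2",                      # not base64 at all
}

if __name__ == "__main__":
    for field, finding in audit_form(SAMPLE_FORM).items():
        print(f"{field}: {finding}")
```

A field reported as opaque is not proof that it is protected; it only means the value is not a plain or gzip-wrapped object stream.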


2017-02-28 04:04:23
