From Serialized Bytes to Shell: Exploiting Java Deserialization in Spring HttpInvoker
A Penetration Testing Case Study – by Teodor Lupan

Abstract

This paper documents the exploitation of an insecure deserialization vulnerability discovered during an authorized penetration test of an enterprise financial management application (“DebtApp”). The application uses Spring Framework’s HttpInvoker protocol, which relies on native Java serialization for client-server communication.