Exploiting Insecure Deserialization for Reverse Shell

Published: 01 January 1970
on channel: VISTA InfoSec

Web applications make use of serialization and deserialization on a regular basis, and most programming languages even provide native features to serialize data (especially into common formats like JSON and XML). It's important to understand that safe deserialization of objects is normal practice in software development. The trouble, however, starts when deserializing untrusted user input. Injected untrusted or unknown data can be used to inflict a denial-of-service (DoS) attack, execute code, bypass authentication or further abuse the logic behind an application.

Here the application is vulnerable to insecure deserialization: the cookie in the header is serialized data. Once we decode the parameter, we start injecting into and fiddling with the cookie header. We see the results, as it executes successfully and displays the output to us. We then probe further for RCE (Remote Code Execution) to achieve a reverse shell on our machine. Finally we get a reverse shell and can see the contents of the system; here we stop, though one could further compromise the system or the network.
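On the defensive side, the fix for a cookie like this is to keep it as plain data, verify its integrity before parsing, and validate its fields. The sketch below is an added example, not code from the video or the application shown in it; the key, the `user`/`role` schema and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Risky pattern this replaces: passing the decoded cookie to a native object
# deserializer (for example pickle.loads), which can run code while loading.
# Constructed demo key; a real deployment loads it from a secret store.
SECRET_KEY = b"constructed-demo-key-not-for-production"
ALLOWED_FIELDS = {"user": str, "role": str}  # hypothetical session schema


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def issue_cookie(session: dict) -> str:
    """Serialize to JSON (data only, no objects) and append an HMAC-SHA256 tag."""
    body = json.dumps(session, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(SECRET_KEY, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)


def load_cookie(cookie: str) -> Optional[dict]:
    """Return the session dict, or None if the cookie is malformed or tampered."""
    try:
        body_b64, tag_b64 = cookie.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # wrong part count or bad base64
        return None
    expected = hmac.new(SECRET_KEY, body, hashlib.sha256).digest()
    # Check integrity BEFORE parsing, using a constant-time comparison.
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        session = json.loads(body)
    except ValueError:
        return None
    # Enforce the schema: exact field set and expected types only.
    if not isinstance(session, dict) or set(session) != set(ALLOWED_FIELDS):
        return None
    if any(not isinstance(session[k], t) for k, t in ALLOWED_FIELDS.items()):
        return None
    return session
```

A cookie whose body was edited in transit fails the HMAC check and is rejected before any parsing happens, so fiddling with the cookie header yields no application behaviour at all.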

More Free Resources
Blog: https://www.vistainfosec.com/blog/
Webinars: https://www.vistainfosec.com/webinar.php
Videos: https://www.vistainfosec.com/media-vi...

About Us
Established in 2004, VISTA InfoSec has been involved from day one in providing vendor-neutral consulting services in the areas of Information Risk Compliance and Infrastructure Advisory Services. VISTA InfoSec most commonly provides advice on SOC 1, SOC 2, PCI DSS, HIPAA, HITRUST, GDPR and ISO 27001. It has offices in Mumbai, Singapore and the USA and offers services to clients all over the world.

For more about Vista InfoSec: https://www.vistainfosec.com/
Contact us today: https://www.vistainfosec.com/contact-...
Phone Number: +91 99872 44769