Serial Killer Silently Pwning Your Java Endpoints
New RCE Gadget in BeanShell (CVE-2016-2510)
bsh.XThis$Handler
Serializable InvocationHandler
Upon function interception, custom BeanShell code will be called
Almost any Java code can be included in the payload
In order to invoke the payload, a trigger gadget is needed
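
A defender-side sketch of blocking the handler class named above during deserialization, added here as an example and not taken from the slides or from BeanShell. The class names `LookAheadDemo`, `LookAheadObjectInputStream` and `StandIn` are assumptions; `StandIn` exists only so the demo runs without BeanShell on the classpath.

```java
import java.io.*;
import java.util.Set;

public class LookAheadDemo {
    // Stand-in serializable class (assumption) used to exercise the filter in the demo.
    static class StandIn implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    // "bsh.XThis$Handler" is the class named on the slide; the stand-in is demo-only.
    static final Set<String> DENIED = Set.of("bsh.XThis$Handler", StandIn.class.getName());

    // Look-ahead stream: inspects each class descriptor before the class is loaded.
    static class LookAheadObjectInputStream extends ObjectInputStream {
        LookAheadObjectInputStream(InputStream in) throws IOException { super(in); }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (DENIED.contains(desc.getName())) {
                throw new InvalidClassException(desc.getName(), "blocked by look-ahead filter");
            }
            return super.resolveClass(desc);
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) { oos.writeObject(o); }
        return bos.toByteArray();
    }

    static Object safeRead(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in =
                 new LookAheadObjectInputStream(new ByteArrayInputStream(data))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("accepted: " + safeRead(serialize("benign string")));
        try {
            safeRead(serialize(new StandIn()));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

`resolveClass` runs when the class descriptor is read, before any instance of that class is created, so a denied handler is never instantiated. An allow-list of the classes an endpoint actually expects follows the same pattern with the check inverted.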