Serial Killer Silently Pwning Your Java Endpoints
Finding Direct Deserialization Endpoints

Find calls (within your code and your dependencies' code) to:
  ObjectInputStream.readObject()
  ObjectInputStream.readUnshared()

where the InputStream is attacker-controlled. For example:

  InputStream is = request.getInputStream();
  ObjectInputStream ois = new ObjectInputStream(is);
  ois.readObject();

... and ObjectInputStream is or extends java.io.ObjectInputStream
... but is not a safe one (e.g. Commons IO ValidatingObjectInputStream)