Serial Killer Silently Pwning Your Java Endpoints
04.03.2016 Views
Share Embed Flag

Serial Killer Silently Pwning Your Java Endpoints

asd-f03-serial-killer-silently-pwning-your-java-endpoints

asd-f03-serial-killer-silently-pwning-your-java-endpoints

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
pwntester

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

START NOW

Triggering Execu;on via "Magic Methods"<br />

ObjectInputStream <strong>Serial</strong>izable Class Application Code Garbage Collector<br />

4. Resolve classes of stream<br />

resolveClass()<br />

5. Deserialize objects<br />

1. Get bytes<br />

2. Initialize ObjectInputStream<br />

3. Read object from stream<br />

• ois.readObject()<br />

6. Restore object member fields<br />

• readObject(ObjectInputStream)<br />

• readObjectNoData()<br />

7. Eventually replace restored object<br />

• readResolve()<br />

8. Optionally validate object<br />

• validateObject()<br />

9. Cast deserialized object to expected type<br />

10.Use deserialized object<br />

11.Call finalize() on GC<br />

7

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!