Serial Killer Silently Pwning Your Java Endpoints
OWASPBNL_Java_Deserialization
New RCE Gadget in BeanShell (CVE-2016-2510)
bsh.XThis$Handler
Serializable InvocationHandler
Upon function interception, custom BeanShell code will be called
Almost any Java code can be included in the payload
In order to invoke the payload, a trigger gadget is needed
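One way a defender can keep this handler class out of deserialization, shown as an added example that is not from the original slides: an allow-list `ObjectInputStream` that refuses any class descriptor it does not expect, including `bsh.XThis$Handler`, before the class is loaded. The names `LookAheadDemo` and `AllowListObjectInputStream`, the allow-list contents and both sample streams are assumptions constructed for illustration; Java 9 or later is assumed.

```java
import java.io.*;
import java.util.*;
public class LookAheadDemo {
    // Assumption: the endpoint only ever expects these classes. Anything else is refused.
    static final Set<String> ALLOWED = Set.of("java.util.ArrayList");

    static class AllowListObjectInputStream extends ObjectInputStream {
        AllowListObjectInputStream(InputStream in) throws IOException { super(in); }
        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            // Runs when the class descriptor is read, before the class is loaded.
            if (!ALLOWED.contains(desc.getName())) {
                throw new InvalidClassException(desc.getName(), "class not on allow list");
            }
            return super.resolveClass(desc);
        }
    }

    // Constructed sample: a stream whose only class descriptor is the given name.
    // It has no fields and no BeanShell code, and BeanShell need not be installed.
    static byte[] streamNaming(String className) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        out.writeShort(ObjectStreamConstants.STREAM_MAGIC);
        out.writeShort(ObjectStreamConstants.STREAM_VERSION);
        out.writeByte(ObjectStreamConstants.TC_OBJECT);
        out.writeByte(ObjectStreamConstants.TC_CLASSDESC);
        out.writeUTF(className);
        out.writeLong(0L);                                    // serialVersionUID, placeholder
        out.writeByte(ObjectStreamConstants.SC_SERIALIZABLE);
        out.writeShort(0);                                    // zero fields
        out.writeByte(ObjectStreamConstants.TC_ENDBLOCKDATA);
        out.writeByte(ObjectStreamConstants.TC_NULL);         // no superclass descriptor
        return buf.toByteArray();
    }

    static String tryRead(byte[] data) {
        try (ObjectInputStream in = new AllowListObjectInputStream(new ByteArrayInputStream(data))) {
            return "accepted " + in.readObject().getClass().getName();
        } catch (IOException | ClassNotFoundException e) {
            return "rejected: " + e.getMessage();
        }
    }
    public static void main(String[] args) throws IOException {
        ByteArrayOutputStream ok = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(ok)) {
            out.writeObject(new ArrayList<>(List.of("a", "b")));   // benign, allowed
        }
        System.out.println(tryRead(ok.toByteArray()));
        System.out.println(tryRead(streamNaming("bsh.XThis$Handler")));
    }
}
```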