Git
/
mgeeky-Penetration-Testing-Tools
mirror of https://github.com/mgeeky/Penetration-Testing-Tools.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update java-XMLDecoder-RCE.md

This commit is contained in:
Mariusz 2018-05-02 11:39:24 +02:00 committed by GitHub
parent 8c23453c9f
commit 3a2968f8da
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
web/java-XMLDecoder-RCE.md
View File

@ -78,3 +78,7 @@ Then the payload would look like:
</void>
</java>
```
For more payloads and guides how to leverage **XMLDecoder** deserialization vulnerability, one can refer to following good quality sources:
- http://blog.diniscruz.com/2013/08/using-xmldecoder-to-execute-server-side.html
- https://github.com/o2platform/DefCon_RESTing/tree/master/Demos/_O2_Scripts/XmlEncoder%20-%20Restlet/exploits