mirror of
https://github.com/mgeeky/Penetration-Testing-Tools.git
synced 2024-11-21 18:11:37 +01:00
Update java-XMLDecoder-RCE.md
This commit is contained in:
parent
8c23453c9f
commit
3a2968f8da
@ -78,3 +78,7 @@ Then the payload would look like:
|
|||||||
</void>
|
</void>
|
||||||
</java>
|
</java>
|
||||||
```
|
```
|
||||||
|
|
||||||
|
For more payloads and guides how to leverage **XMLDecoder** deserialization vulnerability, one can refer to following good quality sources:
|
||||||
|
- http://blog.diniscruz.com/2013/08/using-xmldecoder-to-execute-server-side.html
|
||||||
|
- https://github.com/o2platform/DefCon_RESTing/tree/master/Demos/_O2_Scripts/XmlEncoder%20-%20Restlet/exploits
|
||||||
|
Loading…
Reference in New Issue
Block a user