Insecure deserialization
Lab: Modifying serialized objectsLab: Modifying serialized data typesLab: Using application functionality to exploit insecure deserializationLab: Arbitrary object injection in PHPLab: Exploiting Java deserialization with Apache CommonsLab: Exploiting PHP deserialization with a pre-built gadget chainLab: Exploiting Ruby deserialization using a documented gadget chainLab: Developing a custom gadget chain for Java deserializationLab: Developing a custom gadget chain for PHP deserializationLab: Using PHAR deserialization to deploy a custom gadget chain
Última actualización