All Questions
19 questions
63 votes, 3 answers, 66k views
Log4j vulnerability - Is Log4j 1.2.17 vulnerable (was unable to find any JNDI code in source)?
With regard to the Log4j JNDI remote code execution vulnerability that has been identified as CVE-2021-44228 - (also see references) - I wondered if Log4j-v1.2 is also impacted, but the closest I got ...
0 votes, 1 answer, 1k views
Java Deserialization gadget - Why is this ysoserial payload using reflection to set the TiedMapEntry?
I started studying Java deserialization gadgets. I started with the famous Apache Common Collections gadget and was looking at @matthias_kaiser's gadget chain.
https://github.com/frohoff/ysoserial/...
5 votes, 1 answer, 1k views
CVE-2018-14667; generating a valid payload for RichFaces 3.X
I am currently running on a virtual machine JBoss 5.1.0GA + RichFaces 3.X + photoalbum demo which makes me vulnerable (only accessible from my LAN) to CVE-2018-14667. I have tested the payload ...
0 votes, 0 answers, 2k views
Exploit payload for expression language injection
http://blog.mindedsecurity.com/2015/11/reliable-os-shell-with-el-expression.html shows a great way to get OS access via EL injection and I have used it many times with success. The post says:
Call ...
0 votes, 1 answer, 2k views
CVE-2015-4852: Evaluating Apps for Vulnerability
My understanding from the write-up and example exploits of CVE-2015-4852 by Foxglove is that you need code which receives user-provided serialized objects and the Apache commons-collections present on ...
8 votes, 1 answer, 6k views
Is it safe to expose java remote debugger port to the internet?
I was going to expose a port for remote debugging of a Java-based web service over the internet, but thinking twice I realised that it has no authentication.
Theoretically, it seems to be ...
2 votes, 1 answer, 585 views
Are java exploits based off of the jre used to run the application or the jdk used to compile the code, or both?
I know this question might be kind of broad. There may be some exceptions.
Suppose I compiled with the Java 6 JDK, but then ran with the Java 7 JRE. Would the application be vulnerable to Java 6 exploits ...
2 votes, 0 answers, 299 views
Java instrumentation tools for bytecode analysis? (intercepting java webapp bytecode during loadtime) [closed]
I'll start by presenting my motivation: I am a researcher, and I am working on a few ideas to prevent Java webapp exploits (until now I have worked with WinDbg and other tools for non-Java types of exploits).
...
0 votes, 3 answers, 59 views
Reflection improvements to access field secret, when field type is unknown
I am learning about Security and looking at storing secrets in the clear.
When I retrieve the contents of a private field, it returns an Object. My mal code correctly assumes and casts the Object as ...
0 votes, 1 answer, 106 views
How is malicious reflection used during the original running of an application
I can use Reflection under my own main method to access and look at the private fields of a jar file as made and corrected here.
I would like to know when the vulnerable jar file has its own main ...
0 votes, 3 answers, 144 views
I can't use malicious reflection to view values of private fields
I can get the value of the protected field, but the private field throws java.lang.IllegalAccessException. I think I know why I'm getting this exception, but how is reflection used to exploit the ...
1 vote, 2 answers, 782 views
Silly Example of a Deserialisation Attack
I'm trying to understand a deserialisation attack, so I have thought of this example. If you could correct me if I have misunderstood something, that would be helpful.
I have this fictional class.
...
-2 votes, 1 answer, 480 views
Is Google Chrome Vulnerable to Zero Day Java Exploit like IE?
I've seen that IE 6 to 10 can be easily exploited using the Zero Day Java Exploit (CVE-2013-0422).
And if IE has been exploited, we can access hard disk files, even cookies or passwords.
That's very ...
0 votes, 1 answer, 134 views
Where can I download JRE 7u5 plugin for any browser?
I was looking for a good exploit to use as my final project for security class, so I thought of the JRE 7u5 bug to exploit using Metasploit.
Where can I download that version of the plugin for Firefox/IE/...
3 votes, 2 answers, 3k views
How to guard against Resource exhaustion and other vulnerabilities?
We happened to use IBM appscan http://www-01.ibm.com/software/awdtools/appscan/
against our java codebase, and it returned around 3000 high severity vulnerabilities.
Most of them happen to be ...