|
You are here |
www.veracode.com | ||
| | | | |
pyn3rd.github.io
|
|
| | | | | 0x01 ForewordsIn my previous presentation at the HITB Singapore Security Conference in 2021, titled "Make JDBC Attacks Brilliant Again," I delved into the vulnerabilities associated with JDBC (Java Da | |
| | | | |
taeluralexis.com
|
|
| | | | | In this writeup, we'll exploit a Linux machine on Hack The Box with CVE-2023-46604, leveraging Java deserialization for remote code execution. | |
| | | | |
y4y.space
|
|
| | | | | Intro The exploitation of this RCE consists of two parts, one being the lack of authentication validation to h5-vsan endpoint, and another being the unsafe reflection usage in Java which then caused a JNDI injection. I was not smart enough to come up with the JDNI attack chain, but certainly learned a lot while attempting... | |
| | | | |
blog.kdgregory.com
|
|
| | | When I want to package a Java application in a single JAR with all of its dependencies, I normally turn to Maven's Shade plugin. This ... | ||