GrrrDog / Java-Deserialization-Cheat-Sheet

The cheat sheet about Java Deserialization vulnerabilities

Suggestion tool for exploitation #7

Closed joaomatosf closed 7 years ago

joaomatosf commented 7 years ago

JexBoss performs automated exploitation of various deserialization problems, including: JMXInvokerServlet (since 2013), javax.faces.ViewState (and any HTTP POST parameters), RMI, Jenkins, etc.

Link: https://github.com/joaomatosf/jexboss

Videos:

- Exploiting Java Deserialization Vulnerabilities (RCE) on JSF/Seam Applications with JexBoss: https://www.youtube.com/watch?v=VaLSYzEWgVE
- Exploiting JBOSS with JexBoss: https://www.youtube.com/watch?v=yI54sRqFOyI

Can you consider including it in the cheat sheet?

Thanks

GrrrDog commented 7 years ago

I'll add it

joaomatosf commented 7 years ago

Thanks ;D

GrrrDog commented 7 years ago

added