Newstar week5 WEB Unserialize Again (phar deserialization, __wakeup() bypass, phar re-signing)

Table of Contents: Main parts of a Phar file: 1. stub (file identification) 2. manifest 3. contents 4. signature. Topic: Main parts of a Phar file: 1. stub (file identification). The basic structure of the stub: xxx. The content before it is arbitrary, but the stub must end with __HALT_COMPILER();?>, otherwise the phar extension will not recognize the file […]

Vulnerability Analysis | Adobe ColdFusion Deserialization Vulnerability (CVE-2023-29300)

1. Vulnerability description: Adobe ColdFusion is a rapid application development platform from the American company Adobe. The platform includes an integrated development environment and a scripting language. Adobe ColdFusion has a code-issue vulnerability caused by deserialization of untrusted data. An attacker can execute code through this vulnerability, which can cause the […]

Network Programming Sockets (3) – Protocol Customization | Serialization and Deserialization

Article directory: 1. Understanding “protocol” (1. The concept of a protocol 2. Transmission of structured data 3. Serialization and deserialization) 2. Online calculator (1. Server 2. Protocol customization: (1) Correctly understanding network sending and reading (2) Issues with protocol customization 3. Client 4. Code) 3. Implementing serialization and deserialization with JSON (1. Brief introduction 2. Usage). 1. Understanding “protocol”: 1. The […]

[Algorithm Challenge] Serialization and Deserialization of Binary Trees (including parsing and source code)

297. Serialize and Deserialize Binary Tree https://leetcode-cn.com/problems/serialize-and-deserialize-binary-tree/ Same problem: Sword Points Offer 37. Serialize Binary Tree. 297. Serialize and Deserialize Binary Tree: Problem description; Method 1: Level-order traversal (Idea, Complexity analysis, Code); Method 2: Preorder traversal (Idea, Complexity analysis, Code). Problem description: Serialization is the operation of converting a data structure or object […]

CVE-2023-34040 Kafka deserialization RCE

Vulnerability description: Spring Kafka is a module in the Spring Framework ecosystem that simplifies integrating Apache Kafka into Spring applications. Here a record means one record in a Kafka message. In the affected versions, ErrorHandlingDeserializer is not configured for records by default. When the user sets the container property […]

Shiro deserialization vulnerability principle analysis and vulnerability reproduction (CVE-2016-4437)

Table of Contents: Shiro-550 Deserialization Vulnerability (Vulnerability introduction; Vulnerability principle); Shiro-721 Deserialization Vulnerability (CVE-2019-12422) (Differences between Shiro-550 and Shiro-721; Vulnerability fingerprint; Vulnerability introduction; Vulnerability principle; Attack process); Vulnerability reproduction: CVE-2016-4437; Vulnerability reproduction: CVE-2019-12422. Shiro-550 Deserialization Vulnerability, Vulnerability introduction: Shiro-550 is mainly a command execution vulnerability caused by the deserialization of Shiro’s rememberMe […]

C++ implements structure serialization and deserialization

1. What is structure serialization and deserialization? Serialization is the process of converting an object into a byte sequence. Deserialization is the process of converting a byte sequence back into an object. The byte sequence produced by serializing an object contains the object’s type information, the object’s data, and so on. Put plainly, it contains all the information describing […]

Java security: Fastjson deserialization vulnerability principle and reproduction

Table of Contents: Preface; Test environment preparation; dnslog test; Build RMI server and prepare malicious classes; Reference; JdbcRowSetImpl attack; Reverse shell and command execution; Summary. Keywords: fastjson 1.2.24 deserialization leads to an arbitrary command execution vulnerability. Note: This penetration test is conducted entirely in a virtual machine and is only for learning and communication. Please do not […]

[Java Tool Class] A utility class for converting Java objects and JSON strings to each other: serializing entity-class objects into JSON strings and deserializing them back.

Article Table of Contents: Text 1. Use a tool package (for example, hutool) 2. Write a JSON tool class. Text: In web development we often encounter scenarios that require JSON data, so we need some tools to help us quickly convert objects into JSON data and deserialize JSON data into Java […]

SpringBoot SerializationUtils cloning (deserialization) class loader inconsistency problem (ClassCastException)

Problem analysis: When using the org.apache.commons.lang.SerializationUtils.clone method in SpringBoot, a type-inconsistency error occurred when the cloned object was cast to its own class. After inspection, it was found that the class loaders of the two seemingly identical classes differ. Scenario, error message: java.lang.ClassCastException: com.tianqiauto.tis.pc.dingdanyupai.po.PrePoint cannot be cast to com.tianqiauto.tis.pc.dingdanyupai.po.PrePoint. Detection information […]