Jackson deserialization

Jackson is an open source Java serialization and deserialization library that can serialize Java objects into XML- or JSON-format strings, and deserialize XML or JSON strings back into Java objects. Because it is simple to use, fast, and depends on nothing beyond the JDK, it is used by many […]

A brief introduction to php objects and deserialization

Foreword. Keywords: object, class, member variable, member function, parent and child classes, serialization, deserialization, magic method, poc. Thanks to senior K3zy, who let me appreciate the power of PHP deserialization: https://github.com/kkontheway Introduction. Object-oriented programming is a programming idea and method: it encapsulates data, and the methods that operate on that data, into an object to achieve specific […]

CVE-2022-41082: Simple analysis of Microsoft Exchange deserialization type confusion RCE vulnerability

Introduction. Vulnerability number: CVE-2022-41082. Vulnerability type: type confusion. Software name: Microsoft Exchange. Module name: Exchange service PowerShell interface module. Historical vulnerabilities: popular software, vulnerable. Affected versions: Microsoft Exchange Server 2019, 2016, 2013. Attack exploit: exploitation in the wild detected. Cause analysis: through CVE-2022-41040, the remote PowerShell support of the Exchange server can be turned on, […]

Deserialization security issues caused by Django-Session configuration

Cause of vulnerability. The cause of the vulnerability lies in the target's configuration file settings.py, specifically in two configuration items. SESSION_ENGINE: In Django, SESSION_ENGINE is a setting that specifies the engine used to store and process session data. The SESSION_ENGINE setting allows you to choose a different backend engine to store session data, for […]

Deserialization (PHP, python), involving character escaping and phar

PHP. This article is good: [CTF] Summary of PHP deserialization. Note: after writing the eval command, be sure to add ';' at the end. If it is @eval($this->txw4ever);, then for such an eval function remember to add ;' after writing the command. Scene: 1. After writing something like system("ls"), ;' should be changed to: system(ls'); 2. […]

Easily understand Java serialization, deserialization, reflection, dynamic proxy, and annotations

Serialization is the process of converting Java objects into byte sequences. The main purpose of object serialization is to ensure the integrity and deliverability of objects when they are transferred and saved. Serialization converts objects into an ordered stream of bytes for transmission over the network or storage in a local file. The core […]

Apache Shiro component deserialization vulnerability analysis

Overview. Apache Shiro is a powerful and easy-to-use Java security framework that performs authentication, authorization, cryptography and session management. Using Shiro's easy-to-understand API, you can quickly and easily secure any application, from the smallest mobile app to the largest web and enterprise applications. Its principle is relatively simple: in order to prevent users from losing their […]

Custom deserialization class converts LocalDate time format to LocalDateTime

Deserialize data received from the front end into classes. If the time format is inconsistent, deserialization may fail. public class StorageDTO implements Serializable { private static final long serialVersionUID = 1L; … // The format in the entity class is @JsonFormat(pattern = "yyyy-MM-dd") @JsonDeserialize(using = CustomLocalDateTimeDeserializer.class) @ApiModelProperty("Generation time") private LocalDateTime generateTime; } // Customized deserialization class […]

Python data serialization and deserialization: efficient data exchange and storage

Get more information on my personal website: Brother Tao talks about Python. Data flows constantly in the computing world, but sharing and storing data across different applications, systems, and languages involves a variety of complexities and challenges. Python provides a wealth of tools and libraries for data serialization and deserialization. This article will guide you […]