The previous lecture explained how to design an extensible and backward-compatible protocol in the RPC framework. The key point is to make good use of the extension fields in the Header and in the Payload, which is how backward compatibility is achieved. So following the key point of the previous lecture, […]
Tag: serialization
Newstar week5 WEB Unserialize Again (phar deserialization, __wakeup() bypass, phar re-signing)
Table of Contents Main parts of Phar file: 1. stub file identification 2. manifest 3. contents 4. signature topic: Main part of Phar file: 1. stub file identification The basic structure of the stub: xxx, The preceding content is not limited, but it must start with __HALT_COMPILER();?>, otherwise the phar extension will not recognize this file […]
Implementation and principles of object serialization in Python
The pickle module implements an algorithm for converting arbitrary Python objects into a series of bytes (i.e., serialized objects). These byte streams can be transferred or stored, and then reconstructed into a new object that has the same characteristics as the original object. Note: The documentation for pickle clearly states that it provides no security […]
Vulnerability Analysis|Adobe ColdFusion Deserialization Vulnerability (CVE-2023-29300)
1. Vulnerability description Adobe ColdFusion is a rapid application development platform from the American company Adobe. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has a code vulnerability caused by the deserialization of untrusted data. An attacker can execute code through the vulnerability, which can cause the […]
Network Programming Sockets (3) – Protocol Customization | Serialization and Deserialization
Article directory 1. Understanding “protocol” 1. The concept of a protocol 2. Transmission of structured data 3. Serialization and deserialization 2. Online calculator 1. Server 2. Protocol customization (1) Correct understanding of network sending and reading (2) Issues with protocol customization 3. Client 4. Code 3. Json implements serialization and deserialization 1. Brief introduction 2. Use 1. Understanding “protocol” 1. The […]
[Algorithm Challenge] Serialization and Deserialization of Binary Trees (including parsing and source code)
297. Serialization and deserialization of binary trees https://leetcode-cn.com/problems/serialize-and-deserialize-binary-tree/ Same topic: Sword Points Offer 37. Serialized Binary Tree 297. Serialization and deserialization of binary trees Question description Method 1: Level traversal Ideas Complexity analysis code Method 2: Preorder traversal Ideas Complexity analysis code Title description Serialization is the operation of converting a data structure or object […]
[Practical Combat-08] Flink consumes kafka custom serialization
Purpose: Let the data consumed from Kafka be directly converted into our objects. mvn pom […]
CVE-2023-34040 Kafka deserialization RCE
Vulnerability description Spring Kafka is a module in the Spring Framework ecosystem that is used to simplify the process of integrating Apache Kafka in Spring applications. A record refers to a record in a Kafka message. In the affected version, ErrorHandlingDeserializer is not configured for records by default. When the user sets the container property […]
Shiro deserialization vulnerability principle analysis and vulnerability reproduction (CVE-2016-4437)
Table of Contents Shiro-550 Deserialization Vulnerability Vulnerability introduction Vulnerability principle Shiro-721 Deserialization Vulnerability (CVE-2019-12422) What is the difference between Shiro550 and Shiro721 vulnerability fingerprint Vulnerability introduction Vulnerability principle Attack process Vulnerability reproduction: CVE-2016-4437 Vulnerability reproduction: CVE-2019-12422 Shiro-550 Deserialization Vulnerability Vulnerability Introduction Shiro-550 is mainly a command execution vulnerability caused by the deserialization of Shiro’s rememberMe […]
HTML + CSS serialization | 36 – select drop-down list
1. Select option list The drop-down list is also a selection-type element. The drop-down list can save space on the web page. By default, only one option is displayed. Multiple options are displayed only when the drop-down button is clicked. For example, the drop-down list below is used when selecting an address. The […]