Java: Tools
1 minute read
Return Home
marshalsec
This paper presents an analysis, including exploitation details, of various Java open-source marshalling libraries that allow(ed) for unmarshalling of arbitrary, attacker supplied, types and shows that no matter how this process is performed and what implicit constraints are in place it is prone to similar exploitation techniques.
I feedback.
Let me know what you think of this article on twitter @_TheGetch_!
Let me know what you think of this article on twitter @_TheGetch_!