Commit cb2e3766 authored by Quentin Rossettini

updated abstract

parent d612adfc
......@@ -4,5 +4,7 @@ SSI Exam - Attack by JSON deserialization
Abstract
----
In 2016, a lot of attacks using Java deserialization happened. Many turned to JSON libraries, thought to be safer. However no library can be fully trusted when used to deserialize untrusted data. As long as there is enough space and that user-controlled types can be invoked, attackers will be able to start a gadget chain that can lead to the execution of arbitrary code.
This presentation focuses on a vulnerability of the Jackson library. When deserializing objects with disabled type control, setter calls can lead to remote code execution. This example specifically uses the class com.sun.rowset.JdbcRowSetImpl, which's methos setAutocommit() can be used to load and execute a user-controlled factory.
If you absolutely need to deserialize untrusted data, make sure that you use a secure library with strict type control and that you never use user-controlled data for the deserializer expected type.
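Review bot: the second added paragraph ("This presentation focuses on ...") has a broken phrase, "which's methos setAutocommit()"; suggest "whose setAutoCommit() method" (the JDK method is camel-cased setAutoCommit). In the first paragraph, "As long as there is enough space and that user-controlled types can be invoked" leaves "space" undefined; state the precondition plainly, e.g. "as long as user-controlled types can be instantiated". In the closing sentence, "the deserializer expected type" should read "the deserializer's expected type".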