|...||...||@@ -4,5 +4,7 @@ SSI Exam - Attack by JSON deserialization|
|In 2016, a lot of attacks using Java deserialization happened. Many turned to JSON libraries, thought to be safer. However no library can be fully trusted when used to deserialize untrusted data. As long as there is enough space and that user-controlled types can be invoked, attackers will be able to start a gadget chain that can lead to the execution of arbitrary code.|
|This presentation focuses on a vulnerability of the Jackson library. When deserializing objects with disabled type control, setter calls can lead to remote code execution. This example specifically uses the class com.sun.rowset.JdbcRowSetImpl, which's methos setAutocommit() can be used to load and execute a user-controlled factory.|
|If you absolutely need to deserialize untrusted data, make sure that you use a secure library with strict type control and that you never use user-controlled data for the deserializer expected type.|
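Review bot: the second paragraph has a typo and states the vulnerable condition backwards. "which's methos setAutocommit()" should read "whose method setAutoCommit()" (the JDK method is camel-cased), and "with disabled type control" describes the opposite of the dangerous configuration: the setter gadget only becomes reachable when Jackson's polymorphic type handling (default typing, e.g. `ObjectMapper.enableDefaultTyping()`) is turned on, because that is what lets attacker-supplied JSON name `com.sun.rowset.JdbcRowSetImpl` as the class to instantiate. Suggested wording: "When polymorphic type handling (default typing) is enabled on untrusted input, setter calls on attacker-chosen classes can lead to remote code execution. This example uses com.sun.rowset.JdbcRowSetImpl, whose setAutoCommit() method can be used to load and execute a user-controlled factory." The closing paragraph would also read better if "strict type control" were made concrete in Jackson terms: leave default typing off, or, where polymorphic deserialization is unavoidable, restrict it to an allow-list of the expected subtypes rather than accepting any class name from the input.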