From 5fec4f7c21c9a416fd481120e246e49a5b3774a7 Mon Sep 17 00:00:00 2001 From: Hi15358 Date: Wed, 30 Oct 2019 11:36:09 +0800 Subject: [PATCH] Update Java.md --- Insecure Deserialization/Java.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Insecure Deserialization/Java.md b/Insecure Deserialization/Java.md index f3606d1..5915688 100644 --- a/Insecure Deserialization/Java.md +++ b/Insecure Deserialization/Java.md @@ -63,10 +63,12 @@ JRE8u20_RCE_Gadget JexBoss - JBoss (and others Java Deserialization Vulnerabilities) verify and EXploitation Tool, [https://github.com/joaomatosf/jexboss](https://github.com/joaomatosf/jexboss) +ysoserial-modified [https://github.com/pimps/ysoserial-modified](https://github.com/pimps/ysoserial-modified) + ## References - [Github - ysoserial](https://github.com/frohoff/ysoserial) - [Java-Deserialization-Cheat-Sheet - GrrrDog](https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet/blob/master/README.md) - [Understanding & practicing java deserialization exploits](https://diablohorn.com/2017/09/09/understanding-practicing-java-deserialization-exploits/) - [How i found a 1500$ worth Deserialization vulnerability - @D0rkerDevil](https://medium.com/@D0rkerDevil/how-i-found-a-1500-worth-deserialization-vulnerability-9ce753416e0a) -- [Misconfigured JSF ViewStates can lead to severe RCE vulnerabilities - 14 Aug 2017, Peter Stöckli](https://www.alphabot.com/security/blog/2017/java/Misconfigured-JSF-ViewStates-can-lead-to-severe-RCE-vulnerabilities.html) \ No newline at end of file +- [Misconfigured JSF ViewStates can lead to severe RCE vulnerabilities - 14 Aug 2017, Peter Stöckli](https://www.alphabot.com/security/blog/2017/java/Misconfigured-JSF-ViewStates-can-lead-to-severe-RCE-vulnerabilities.html)