Java deserialization vulnerability
Deserialization Vulnerabilities
How did the JAVA deserialization vulnerability arise?
1. Since there are java deserialization functions in interfaces such as many sites or RMI warehouses, the attacker can deserialize the target by constructing a serialized flow of specific malicious objects, so as to achieve their own malicious expected behavior, including Command execution, even getshell etc.
2. Apache Commons Collections is a Collections collector framework developed by the open source group Apache. There is an InvokerTransformer.java interface in this framework. Classes implementing this interface can call any function by calling the java reflection mechanism, so we can execute system commands by calling the Runtime.getRuntime.exec() function. The widespread use of the Apache commons collections package has also led to the widespread prevalence of java deserialization vulnerabilities.
So the final result is that if the Java application deserializes the user's input, the attacker can construct malicious input and let the deserialization process execute our custom commands, thereby achieving remote arbitrary code execution.
Before talking about the principle of deserialization vulnerabilities, let's talk about the serialization and deserialization of JAVA objects
Serialization and deserialization
Serialization : The process of converting an object's state information into a form that can be stored or transmitted. During serialization, the object will