March 12, 2019

When EL Injection meets Java Deserialization

Getting around the incompatible library restriction in deserialization process and a reliable RCE from EL expression in exploiting Richfaces' CVE-2018-12532.

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)