March 13, 2019
A Saga of Code Executions on Zimbra
Zimbra is well known for its signature email product, Zimbra Collaboration Suite. Putting client-side vulnerabilities aside, Zimbra seems to...
March 12, 2019
When EL Injection meets Java Deserialization
Getting around the incompatible library restriction in deserialization process and a reliable RCE from EL expression in exploiting Richfaces...
MatesCTF 2018 WutFaces & CVE-2013-2165
A CTF challenge based on the idea of a 1-day analysis and a custom-made deserialization gadget. Original content Original attachment
View web version