Nov. 14, 2023, 1:25 a.m.

Packet Storm packetstormsecurity.com

This Metasploit module leverages insecure deserialization of data to get remote code execution on the target OS in the context of the user running the website that uses AjaxPro. To achieve code execution, the module constructs JSON data that is sent to the target. This data is deserialized by the AjaxPro JsonDeserializer, which triggers execution of the payload. All AjaxPro versions prior to 21.10.30.1 are vulnerable to this issue, and a vulnerable method …
