all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Need help with a java deserialization CommonsCollections4

Add to bookmarks
Oct. 28, 2023, 5:24 p.m. | /u/CyberBarbier

cybersecurity www.reddit.com

Hello, I'm partaking in a private bounty, I have found a base64 deserialization command injection.
I'm able to execute certutil.exe and ping -n 1 -l 1 [10.10.10.10](https://10.10.10.10) for example,
I get both dns and http request to the correct endpoint using certutil, while an icmp dump shows the ping so the command injection is pretty much confirmed.
Thing is, I haven't been able to go past that,
the server should be [ASP.NET](https://ASP.NET) but the deserialization is in Java and the …

base64 bounty certutil command command injection cybersecurity deserialization dns endpoint found hello http icmp injection java java deserialization ping private request

Visit resource

More from www.reddit.com / cybersecurity

Got a job as a Information Security Engineer; any book recs? 13 hours ago | www.reddit.com
book books ccsp certification +13
Any CCISO holders that can offer insight into the exam? 14 hours ago | www.reddit.com
admin can compliance council +18
Penetration testing report 14 hours ago | www.reddit.com
app cybersecurity penetration penetration testing +2
UCF wins the National Collegiate Cyber Defense Competition 15 hours ago | www.reddit.com
competition cyber cyber defense cybersecurity +4
Composition of roles in a security team 17 hours ago | www.reddit.com
cybersecurity endpoint grc interest +12
What are your top 5 questions to ask before hiring a Managed Security Service Provider … 19 hours ago | www.reddit.com
alignment ask capabilities communication +22
How much knowledge do you guys know about the industry that you work in? 20 hours ago | www.reddit.com
banking cybersecurity etc gas +8
Cisco reveals zero-day attacks used by hackers to attack government networks in major threat campaign 22 hours ago | www.reddit.com
attack attacks campaign cisco +7
Any Fortune 100 company go all in on Microsoft E5 Security Suite? 1 day, 8 hours ago | www.reddit.com
all in cybersecurity defender defenders +12

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Associate Principal Security Engineer

@ Activision Blizzard | Work from Home - CA
View on infosec-jobs.com

Security Engineer- Systems Integration

@ Meta | Bellevue, WA | Menlo Park, CA | New York City
View on infosec-jobs.com

Lead Security Engineer (Digital Forensic and IR Analyst)

@ Blue Yonder | Hyderabad
View on infosec-jobs.com

Senior Principal IAM Engineering Program Manager Cybersecurity

@ Providence | Redmond, WA, United States
View on infosec-jobs.com

Information Security Analyst II or III

@ Entergy | The Woodlands, Texas, United States
View on infosec-jobs.com
View more jobs