unsafe-deserialization

2 articles

A researcher discovered remote code execution in HubSpot's template engine by exploiting expression language injection in HubL: reflection was used to reach javax.script.ScriptEngineManager and the Nashorn JavaScript engine, which then executed arbitrary code. The root cause was that the Jinjava-based template parser allowed unsafe method calls; it blocklisted direct access to the Runtime and System classes but left the Java reflection APIs reachable, so the blocklist could be bypassed.

HubSpot HubL Jinjava PortSwigger javax.script.ScriptEngineManager jdk.nashorn.api.scripting.NashornScriptEngine com.hubspot.content.hubl.context.TemplateContextRequest
betterhacker.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago
bug-bounty

A critical remote code execution vulnerability was discovered in PayPal's manager.paypal.com through unsafe Java object deserialization: the 'oldFormData' parameter carried a serialized Java object that the server deserialized without restriction. A Commons Collections gadget chain generated with the ysoserial tool was used to execute arbitrary OS commands and reach production databases. The vulnerability was reported in December 2015 and patched by PayPal's security team.

PayPal manager.paypal.com Michael Stepankin artsploit Chris Frohoff Gabriel Lawrence Mark Litchfield FoxGlove Security ysoserial Commons Collections
artsploit.blogspot.com · devanshbatham/Awesome-Bugbounty-Writeups · 4 hours ago
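The PayPal entry above turns on a detail that is easy to check for at the edge: a Java serialized object always starts with the stream magic `AC ED 00 05`, which base64-encodes to the prefix `rO0AB`, and a Commons Collections gadget chain has to name its transformer classes in the stream's class descriptors. The script below is an added example, not code from either writeup or from ysoserial: it base64-decodes a request parameter, checks the magic, extracts class names with a deliberately simple heuristic (it looks for the TC_CLASSDESC tag 0x72 followed by a length-prefixed class name rather than parsing the full serialization grammar), and flags classes known to appear in the CommonsCollections gadget chains. The sample parameters are constructed in the script as descriptor-only skeletons, not real object streams, and the function and constant names are this example's own.

```python
import base64
import re
import struct
from typing import Dict, List, Optional

# Java serialization stream magic (AC ED) and version (00 05).
STREAM_MAGIC = b"\xac\xed\x00\x05"
TC_OBJECT = 0x73      # start of a serialized object
TC_CLASSDESC = 0x72   # class descriptor: 0x72, 2-byte length, class name, ...

# Classes used by the ysoserial CommonsCollections chains (Apache Commons Collections 3.x).
GADGET_CLASSES = {
    "sun.reflect.annotation.AnnotationInvocationHandler",
    "org.apache.commons.collections.map.LazyMap",
    "org.apache.commons.collections.map.TransformedMap",
    "org.apache.commons.collections.functors.ChainedTransformer",
    "org.apache.commons.collections.functors.ConstantTransformer",
    "org.apache.commons.collections.functors.InstantiateTransformer",
    "org.apache.commons.collections.functors.InvokerTransformer",
}

# A plausible Java class name, including the "[Lpkg.Name;" array form.
CLASS_NAME_RE = re.compile(rb"^\[*L?[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*;?$")


def decode_parameter(value: str) -> Optional[bytes]:
    """Base64-decode a request parameter; None if it is not valid base64."""
    try:
        return base64.b64decode(value, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None


def is_java_serialized(blob: bytes) -> bool:
    return blob.startswith(STREAM_MAGIC)


def extract_class_names(blob: bytes) -> List[str]:
    """Heuristic scan for TC_CLASSDESC + length-prefixed class name.

    This does not parse the full stream grammar (field lists, back-references,
    block data), so it can miss or mis-read names in unusual streams; it is a
    triage signal, not an authoritative decoder."""
    names: List[str] = []
    i = 0
    while i < len(blob) - 3:
        if blob[i] == TC_CLASSDESC:
            length = struct.unpack(">H", blob[i + 1:i + 3])[0]
            candidate = blob[i + 3:i + 3 + length]
            if 0 < length <= 200 and len(candidate) == length and CLASS_NAME_RE.match(candidate):
                names.append(candidate.decode())
                i += 3 + length   # skip past the name so 'r' (0x72) inside it is not re-scanned
                continue
        i += 1
    return names


def assess_parameter(value: str) -> Dict[str, object]:
    """Classify one request parameter value."""
    blob = decode_parameter(value)
    if blob is None or not is_java_serialized(blob):
        return {"is_serialized": False, "classes": [], "gadgets": []}
    classes = extract_class_names(blob)
    gadgets = [c for c in classes if c in GADGET_CLASSES]
    return {"is_serialized": True, "classes": classes, "gadgets": gadgets}


# --- constructed sample input (skeleton descriptors, not real object layouts) ---

def _utf(s: str) -> bytes:
    data = s.encode()
    return struct.pack(">H", len(data)) + data


def _class_desc(name: str) -> bytes:
    # TC_CLASSDESC, className, serialVersionUID, flags=SC_SERIALIZABLE,
    # zero fields, TC_ENDBLOCKDATA, superclass=TC_NULL.
    return (bytes([TC_CLASSDESC]) + _utf(name) + b"\x00" * 7 + b"\x01"
            + b"\x02" + b"\x00\x00" + b"\x78\x70")


BENIGN_PARAM = base64.b64encode(
    STREAM_MAGIC + bytes([TC_OBJECT]) + _class_desc("java.lang.Integer")).decode()

GADGET_PARAM = base64.b64encode(
    STREAM_MAGIC + bytes([TC_OBJECT]) + b"".join(_class_desc(n) for n in [
        "sun.reflect.annotation.AnnotationInvocationHandler",
        "org.apache.commons.collections.map.LazyMap",
        "org.apache.commons.collections.functors.ChainedTransformer",
        "org.apache.commons.collections.functors.InvokerTransformer",
    ])).decode()


if __name__ == "__main__":
    for label, param in [("benign", BENIGN_PARAM), ("gadget", GADGET_PARAM), ("plain", "hello!")]:
        print(label, assess_parameter(param))
```

A hit on `is_serialized` alone is the real finding: an endpoint that accepts attacker-controlled serialized Java objects is exploitable with whatever gadget classes happen to be on its classpath, and the gadget list here only tells you which chain was tried. The fix is to stop deserializing untrusted input, or at minimum to enforce a class allowlist in the deserializer (Java's ObjectInputFilter), not to block the class names this scanner knows about.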