Publicaciones

New Weblogic 0day (More Metasploit Modules)

Autor: Andres Rodriguez
29 abril, 2019

This time, a short review. The last Sunday (April 21st), KnownSec 404 Team issued an alert about a new vulnerability that has been exploited in the wild, a 0day for Weblogic, as usual, a deserialization vulnerability, this time in one of its components deployed as a web service (wls9_async and wls-wsat). Some days later…

Leer más

Exploiting vulnerabilities in Oracle WebLogic

Autor: Andres Rodriguez
17 febrero, 2019

Object serialization in Java language To understand everything concerning this type of vulnerabilities, and for those who have little programming experience, first, you need to know is: what is object serialization. Object serialization is nothing more than the conversion of an object into a format (p.e. a byte stream) which…

Leer más