Comments for It can't rain forever… https://bbossola.wordpress.com Life, Java, Whatever Tue, 16 Nov 2021 07:15:42 +0000

Comment on Remotely execute Java code using JSON by Is it a good idea to have vulnerable opensource components in my application? – Ship software without vulnerabilities. https://bbossola.wordpress.com/2018/04/14/remotely-execute-java-code-using-json/#comment-2800 Tue, 16 Nov 2021 07:15:42 +0000 http://bbossola.wordpress.com/?p=430#comment-2800 […] remote code execution can be exploited? It’s just one configuration property away: enable polymorphic JSON deserialization and you are on. An apparently innocuous JSON message can feed now code to your server to be remotely […]

Comment on JVM issue: concurrency is affected by changing the date of the system! [part 4] by JVM issue: concurrency is affected by changing the date of the system! [part 3] | It can't rain forever... https://bbossola.wordpress.com/2014/05/23/jvm-issue-concurrency-is-affected-by-changing-the-date-of-the-system-part-4/#comment-2558 Thu, 20 Feb 2020 18:01:29 +0000 http://bbossola.wordpress.com/?p=90#comment-2558 […] Part 4 […]

Comment on JVM issue: concurrency is affected by changing the date of the system! [part 4] by JVM issue: concurrency is affected by changing the date of the system! [part 2] | It can't rain forever... https://bbossola.wordpress.com/2014/05/23/jvm-issue-concurrency-is-affected-by-changing-the-date-of-the-system-part-4/#comment-2557 Thu, 20 Feb 2020 18:00:57 +0000 http://bbossola.wordpress.com/?p=90#comment-2557 […] Part 4 […]

Comment on JVM issue: concurrency is affected by changing the date of the system! [part 4] by JVM issue: concurrency is affected by changing the date of the system! | It can't rain forever... https://bbossola.wordpress.com/2014/05/23/jvm-issue-concurrency-is-affected-by-changing-the-date-of-the-system-part-4/#comment-2556 Thu, 20 Feb 2020 17:59:54 +0000 http://bbossola.wordpress.com/?p=90#comment-2556 […] Part 4 […]

Comment on Remotely execute Java code using JSON by Vulnerability Focus: Java – Ship software without vulnerabilities. https://bbossola.wordpress.com/2018/04/14/remotely-execute-java-code-using-json/#comment-2516 Thu, 08 Aug 2019 11:59:58 +0000 http://bbossola.wordpress.com/?p=430#comment-2516 […] To find out more about jackson-databind exploits, click here. […]

Comment on Remotely execute Java code using JSON by Vulnerability Focus: Java and JavaScript – Ship software without vulnerabilities. https://bbossola.wordpress.com/2018/04/14/remotely-execute-java-code-using-json/#comment-2515 Mon, 05 Aug 2019 12:46:35 +0000 http://bbossola.wordpress.com/?p=430#comment-2515 […] To find out more about Jackson Databind exploits, click here. […]

Comment on IMWorld Bucharest by Geecon19 | It can't rain forever... https://bbossola.wordpress.com/2018/10/03/imworld-bucharest/#comment-2476 Thu, 16 May 2019 13:24:08 +0000 http://bbossola.wordpress.com/?p=460#comment-2476 […] check my previous blog post to access the full descriptions of the demonstration. […]

Comment on Remotely execute Java code using JSON by New vulnerabilities in jackson-databind – Ship software without vulnerabilities. https://bbossola.wordpress.com/2018/04/14/remotely-execute-java-code-using-json/#comment-2410 Tue, 23 Oct 2018 08:18:53 +0000 http://bbossola.wordpress.com/?p=430#comment-2410 […] using, in a very creative way, some standard classes (see an example exploit documented a while ago on my personal blog) and all due to a blacklisting mechanism that continues to require […]

Comment on Remotely execute Java code using JSON by IMWorld Bucharest | It can't rain forever... https://bbossola.wordpress.com/2018/04/14/remotely-execute-java-code-using-json/#comment-2408 Wed, 03 Oct 2018 11:06:25 +0000 http://bbossola.wordpress.com/?p=430#comment-2408 […] Download the latest client from the website and run it against a sample project (you can use this one we used in the previous blog post): […]

Comment on Remotely execute Java code using JSON by Talking About Open Source Vulnerabilities at Codemotion Rome 2018 – Meterian HQ https://bbossola.wordpress.com/2018/04/14/remotely-execute-java-code-using-json/#comment-2395 Thu, 19 Apr 2018 19:09:16 +0000 http://bbossola.wordpress.com/?p=430#comment-2395 […] message. If you are a software developer or a technical person I encourage you to have a look at this technical explanation, which allows you to reproduce the same experiment I […]
