Publicaciones

New Weblogic 0day (More Metasploit Modules)

This time, a short review. The last Sunday (April 21st), KnownSec 404 Team issued an alert about a new vulnerability that has been exploited in the wild, a 0day for Weblogic, as usual, a deserialization vulnerability, this time in one of its components deployed as a web service (wls9_async and wls-wsat). Some days later (April 23rd), China National Vulnerability Database[1] and…

Exploiting vulnerabilities in Oracle WebLogic

Object serialization in Java language To understand everything concerning this type of vulnerabilities, and for those who have little programming experience, first, you need to know is: what is object serialization. Object serialization is nothing more than the conversion of an object into a format (p.e. a byte stream) which then can be stored or…