This type of research is not new; it is rather old, and I found few references about it (check the reference section). I thought it would be useful to add a little more explanation and detail about this type of attack, as it is poorly documented and I had spent a considerable amount of time writing various types of exploits other than those I found online.

Exploiting this feature is relatively easy but trickier, as you need to be creative in writing the exploit in XML style. You can stop here for a moment and have a closer look at the JavaBeans Persistence XML schema and how we can reconstruct an object or call a function using it: https://www.oracle.com/technical-resources/articles/java/persistence3.html

Now, why did I mention ret2lib style? In some binary exploitation challenges, we try to jump to the destination function of interest by redirecting to that function. Sometimes, using system() and passing some arguments in our exploit, we can run some system comman