mirror of
https://github.com/0x5t4l1n/hunting.git
synced 2026-05-26 11:35:51 +00:00
Restructure repository: Remove OWASP categorization, organize by vulnerability type
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
@@ -0,0 +1,18 @@
|
||||
# Deserialization
|
||||
|
||||
## Description
|
||||
Insecure deserialization vulnerabilities occur when untrusted data is used to abuse the logic of an application, inflict a denial of service attack, or execute arbitrary code upon deserialization. This is particularly dangerous in applications that serialize and deserialize objects.
|
||||
|
||||
## Common Attack Vectors
|
||||
- Cookie values
|
||||
- API requests (JSON, XML, YAML)
|
||||
- Session data
|
||||
- Cached data
|
||||
- Message queues
|
||||
- File uploads
|
||||
|
||||
## Testing Approach
|
||||
Submit serialized objects with malicious payloads to test if the application deserializes untrusted data without proper validation.
|
||||
|
||||
## Payloads
|
||||
See `deserialization-payloads.txt` for a comprehensive list of deserialization attack payloads.
|
||||
Reference in New Issue
Block a user