mirror of https://github.com/0x5t4l1n/hunting.git synced 2026-05-26 11:35:51 +00:00

Files

T

copilot-swe-agent[bot] ba72efbc5e Restructure repository: Remove OWASP categorization, organize by vulnerability type

Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>

2026-01-04 19:01:04 +00:00

716 B

Raw Blame History

Deserialization

Description

Insecure deserialization vulnerabilities occur when untrusted data is used to abuse the logic of an application, inflict a denial of service attack, or execute arbitrary code upon deserialization. This is particularly dangerous in applications that serialize and deserialize objects.

Common Attack Vectors

Cookie values
API requests (JSON, XML, YAML)
Session data
Cached data
Message queues
File uploads

Testing Approach

Submit serialized objects with malicious payloads to test if the application deserializes untrusted data without proper validation.

Payloads

See deserialization-payloads.txt for a comprehensive list of deserialization attack payloads.

716 B Raw Blame History