X-Cart 5 <= 5.4.0.12/5.4.1.7 Unauthenticated RCE via File Write

This one was a fun little hack. Versions 5.4.1.7 and below, and 5.4.0.12 and below, of the X-Cart PHP ecommerce platform are affected by an unauthenticated vulnerability that allows an…

Another ColdFusion RCE – CVE-2018-4939

In October 2017 I published an overview and video proof-of-concept of a Java RMI/deserialization vulnerability affecting the Flex Integration service of Adobe ColdFusion. I held off on publishing all of…

POPping WordPress

Fun with PHP deserialization and some accidental WordPress bugs. A few months ago I was putting together a blog post on PHP deserialization vulnerabilities. I decided to look for a…

Attacking Java Deserialization

Deserialization vulnerabilities are far from new, but exploiting them is more involved than other common vulnerability classes. During a recent client engagement I was able to take advantage of Java…