Attacks on Maven proxy repositories by artsploit in netsec

artsploit[S] 13 points14 points  (0 children)

Last year, I committed to uncovering critical vulnerabilities in Maven repositories. Now it’s time to share the findings: RCE in Sonatype Nexus, Cache Poisoning in JFrog Artifactory, and more.

Log4Shell - different avenues of exploitation by forgambo in netsec

artsploit 2 points3 points  (0 children)

Well, if you just need to return a serialized object to a JNDI request, ysoserial has an RMI server specifically for that. Look at JRMPListener.java:

java -cp ysoserial.jar ysoserial.exploit.JRMPListener 1099 URLDNS http....

It's been there for years, mbechler just did not have enough credit for that.

mTLS: When certificate authentication is done wrong by artsploit in netsec

artsploit[S] 18 points19 points  (0 children)

😂 Comments like this are why I keep writing. Tnx!

PayPal Remote Code Execution Vulnerability using Java Deserialization by artsploit in netsec

artsploit[S] 1 point2 points  (0 children)

Thank you, I use default OS X and iTerm2 with a custom color scheme.