CVE-2022-21724: JDBC RCE PostgreSQL

Bookmarked!

This challenge covers how to gain code execution by leveraging a JDBC connection string with PostgreSQL

PRO Medium < 1 Hr. 188 Java Deserialization Badge

Course

This exercise focuses on exploiting a serialization issue in the Java PostgreSQL connector (version 9.4.1208). By understanding and leveraging a call to <code>ClassPathXmlApplicationContext()</code>, one can gain code execution.

CWE-665

Included with PRO

Full course content 1 video

Ready to practice?

Get access to this lab and 600+ hands-on exercises with a PRO subscription.

Go PRO or create a free account