H2 RCE

Bookmarked!

This challenge covers how to gain code execution by leveraging an H2 database in a Java application

PRO Easy < 1 Hr. 133 Java Deserialization Badge

Course

This exercise demonstrates how to exploit an exposed H2 console to achieve code execution by leveraging a JRMPListener gadget from ysoserial, focusing on the H2 database and the JNDI RCE vulnerability.

Included with PRO

Full course content 1 video

Ready to practice?

Get access to this lab and 600+ hands-on exercises with a PRO subscription.

Go PRO or create a free account