Java Serialize 02

Bookmarked!

This exercise is one of our challenges to help you learn Java Serialisation exploitation

PRO Medium < 1 Hr. 172 Java Deserialization Badge

Course

This lab teaches you how to exploit a serialization issue in Java by building your own gadgets without relying on ysoserial, focusing on the use of ObjectInputStream to unserialize arbitrary objects provided as base64-encoded data.

Skills covered

Injection

Included with PRO

Full course content 1 video Common mistakes

Ready to practice?

Get access to this lab and 600+ hands-on exercises with a PRO subscription.

Go PRO or create a free account