Course
This exercise covers exploiting a serialization issue in Java by leveraging the ObjectInputStream class to deserialize arbitrary objects. The goal is to build your own gadgets without relying on ysoserial, ultimately leading to command execution.
Skills covered
Injection
Included with PRO
Full course content
1 video
Common mistakes