RMI Deserialization Attack Analysis (2)
After the previous analysis of the complete process, we now have a better understanding of RMI.
This article focuses on JDK versions prior to JEP 290, specifically JDK 8u66, where no filtering is applied. It analyzes all possible attack methods. The next article will specifically discuss bypass techniques.
The perspective here is that of an att ...
Posted on Sun, 21 Jun 2026 17:21:57 +0000 by grant777
Web Penetration Testing Techniques and Exploits
File Inclusion and Upload Vulnerabilities
File inclusion vulnerabilities occur when a web application dynamically includes files based on user input without proper validation, allowing attackers to include malicious files. Modern server-side languages like PHP (since version 5.2.0) often disable remote file inclusion by default, making Local Fi ...
Posted on Sun, 10 May 2026 12:39:31 +0000 by dark dude