I started studying Java deserialization gadgets. I started with the famous Apache Commons Collections gadget and was looking at @matthias_kaiser's gadget chain.
Could someone please explain the following?
- Why is the `TiedMapEntry` set via Java reflection vs just using the `HashSet#add()` method? For example, `HashSet hashSet = new HashSet(); hashSet.add(tiedMapEntry);`
- I tried the above and I got a `Caused by: java.io.NotSerializableException: java.lang.ProcessImpl` exception, which is leading me to believe that something might be going wrong during serialization.
- Is there some way to find out what might be wrong? Any tips on debugging and where to look?
- Any ideas on how Matthias might have figured out the reflection "hack" or perhaps his thought process? (I will also try to contact him and others).
If there are additional tips (particularly in debugging), please share because this would help me greatly in understanding this and other vulnerabilities.