Exploiting insecure Deserialization

With a real-world example.

Insecure deserialization: to understand it, we first have to learn what serialization and deserialization are.

Serialization: converting the state of an object into a storable or transmittable format, such as a byte stream, is known as serialization.

Many interpreted languages and environments, such as JavaScript, Excel and PowerShell, are used for data serialization. After serialization, the object's state can be persisted, for example sent over a network or stored in XML or JSON format.
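An added example (not from the original article) that shows the two formats side by side: the same object's state written as JSON, which carries only plain data, and as a native byte stream (Python's pickle), which also records which class to rebuild, so the deserializer is given an allow-list of the one class it expects. The `Session` class and the sample data are constructed for the example.

```python
"""Serialize an object's state to JSON and to a byte stream, then
deserialize the byte stream only through an allow-list of classes."""
import io
import json
import pickle
from dataclasses import asdict, dataclass
from datetime import date


@dataclass
class Session:
    """Constructed example object whose state is persisted or sent."""
    user: str
    role: str


# Only these (module, class) pairs may be rebuilt during deserialization.
ALLOWED_CLASSES = {(Session.__module__, "Session")}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any class not on the allow-list."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_CLASSES:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to load {module}.{name}")


def to_json(obj: Session) -> str:
    """JSON serialization: state only, no type information is embedded."""
    return json.dumps(asdict(obj))


def from_json(text: str) -> Session:
    """JSON yields only dicts/lists/scalars; the object is rebuilt explicitly."""
    return Session(**json.loads(text))


def to_bytes(obj: Session) -> bytes:
    """Byte-stream serialization: the stream names the class to reconstruct."""
    return pickle.dumps(obj)


def from_bytes_restricted(data: bytes) -> Session:
    """Deserialize the byte stream, allowing only Session to be rebuilt."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def foreign_payload() -> bytes:
    """Constructed stream naming a class (datetime.date) not on the list."""
    return pickle.dumps(date(2024, 1, 1))


def is_rejected(data: bytes) -> bool:
    """True if the restricted deserializer refuses the stream."""
    try:
        from_bytes_restricted(data)
    except pickle.UnpicklingError:
        return True
    return False
```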
