From 11a78146260fd3d4d0f1191e099d094dc7e43a91 Mon Sep 17 00:00:00 2001 From: Elie De Brauwer Date: Sun, 24 May 2020 14:42:27 +0200 Subject: [PATCH] Dinis Cruz Blog This was discussed in ticket https://github.com/WebGoat/WebGoat/issues/724 however the Dinis Cruz Blog remains available through a blogspot.com URL which might be more interesting to reference than an web.archive.org link. --- .../resources/lessonPlans/en/VulnerableComponents_content5.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en/VulnerableComponents_content5.adoc b/webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en/VulnerableComponents_content5.adoc index cf3a633da..d0a29a365 100644 --- a/webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en/VulnerableComponents_content5.adoc +++ b/webgoat-lessons/vulnerable-components/src/main/resources/lessonPlans/en/VulnerableComponents_content5.adoc @@ -8,7 +8,7 @@ Ref: http://www.pcworld.com/article/3004633/business-security/thousands-of-java- === Dinis Cruz and Alvaro Munoz exploit of XStream XStream, a relatively common XML and JSON parsing library, has a nasty little remote code execution. + -Ref: https://web.archive.org/web/20190718132219/http://blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html[Dinis Cruz Blog] + +Ref: https://diniscruz.blogspot.com/2013/12/xstream-remote-code-execution-exploit.html[Dinis Cruz Blog] + https://github.com/pwntester/XStreamPOC[pwntester/XStreamPOC] You may want to read the article(s) before trying this lesson. Let's see if you can figure out how to exploit this in WebGoat.