Dinis Cruz Blog

This was discussed in ticket https://github.com/WebGoat/WebGoat/issues/724; however, the Dinis Cruz Blog remains available through a blogspot.com URL, which might be more interesting to reference than a web.archive.org link.
Elie De Brauwer
2020-05-24 14:42:27 +02:00
committed by Nanne Baars
parent 5311db8564
commit 11a7814626

@ -8,7 +8,7 @@ Ref: http://www.pcworld.com/article/3004633/business-security/thousands-of-java-
=== Dinis Cruz and Alvaro Munoz exploit of XStream
XStream, a relatively common XML and JSON parsing library, has a nasty little remote code execution. +
Ref: https://web.archive.org/web/20190718132219/http://blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html[Dinis Cruz Blog] +
Ref: https://diniscruz.blogspot.com/2013/12/xstream-remote-code-execution-exploit.html[Dinis Cruz Blog] +
https://github.com/pwntester/XStreamPOC[pwntester/XStreamPOC]
You may want to read the article(s) before trying this lesson. Let's see if you can figure out how to exploit this in WebGoat.
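
Review bot: The one-for-one swap of the `Ref:` line (the hunk is -8,7 +8,7) drops the web.archive.org snapshot completely, so the lesson again depends on a single live third-party URL, diniscruz.blogspot.com. The removed line shows the post was previously only reachable as an archived copy of blog.diniscruz.com, and nothing pins the blogspot address any more firmly. Consider keeping both: the blogspot link as the primary `Ref:` and the archive snapshot as a second `Ref:` line after it, so the reference survives if the live page moves. Separately, the `pwntester/XStreamPOC` link on the following context line has no `Ref:` prefix, unlike the two lines above it; a follow-up could make that consistent.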