Dinis Cruz Blog

This was discussed in ticket https://github.com/WebGoat/WebGoat/issues/724; however, the Dinis Cruz Blog remains available through a blogspot.com URL, which might be more interesting to reference than a web.archive.org link.
Elie De Brauwer
2020-05-24 14:42:27 +02:00
committed by Nanne Baars
parent 5311db8564
commit 11a7814626


@ -8,7 +8,7 @@ Ref: http://www.pcworld.com/article/3004633/business-security/thousands-of-java-
=== Dinis Cruz and Alvaro Munoz exploit of XStream === Dinis Cruz and Alvaro Munoz exploit of XStream
XStream, a relatively common XML and JSON parsing library, has a nasty little remote code execution. + XStream, a relatively common XML and JSON parsing library, has a nasty little remote code execution. +
Ref: https://web.archive.org/web/20190718132219/http://blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html[Dinis Cruz Blog] + Ref: https://diniscruz.blogspot.com/2013/12/xstream-remote-code-execution-exploit.html[Dinis Cruz Blog] +
https://github.com/pwntester/XStreamPOC[pwntester/XStreamPOC] https://github.com/pwntester/XStreamPOC[pwntester/XStreamPOC]
You may want to read the article(s) before trying this lesson. Let's see if you can figure out how to exploit this in WebGoat. You may want to read the article(s) before trying this lesson. Let's see if you can figure out how to exploit this in WebGoat.
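
Review bot: On the changed Ref line, swapping the web.archive.org snapshot for https://diniscruz.blogspot.com/2013/12/xstream-remote-code-execution-exploit.html drops the only reference in this hunk that is pinned to a fixed copy of the article. The live URL can move or change content later, and the old line shows this post has already changed address once (the snapshot is of blog.diniscruz.com). Suggest keeping both: the blogspot link as the primary Ref and the archive link next to it as a labelled archived copy, so the lesson still has a working reference if the blog moves again. While this paragraph is being touched, the unchanged sentence above it, "has a nasty little remote code execution", is missing its noun (for example "vulnerability"), and the PCWorld Ref in the hunk header context is still plain http://.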