by znep 1641 days ago
Exactly. E.g. https://github.com/frohoff/ysoserial#usage

Note the classes aren't at fault or doing anything wrong (even though you could imagine other mitigations they could use); they are just conveniently there to use if you have a vulnerability that lets you de-serialize untrusted data.
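
The point above, as an added Java example that is not part of the comment or of ysoserial: an ordinary class on the classpath runs its `readObject()` during deserialization even though the caller never asked for it, and a JEP 290 allow-list filter (Java 9+) on the stream stops that. The class `SideEffect`, the helper names and the sample bytes are constructed for illustration.

```java
import java.io.*;

public class DeserFilterDemo {
    // Constructed stand-in for a "gadget": an ordinary Serializable class that
    // happens to do work in readObject(). It is not buggy on its own.
    static class SideEffect implements Serializable {
        private static final long serialVersionUID = 1L;
        static boolean ran = false;
        private void readObject(ObjectInputStream in)
                throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            ran = true; // runs during deserialization, before any cast by the caller
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    // Deserialize with an optional JEP 290 filter (null = unfiltered).
    static Object deserialize(byte[] data, ObjectInputFilter filter)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(data))) {
            if (filter != null) ois.setObjectInputFilter(filter);
            return ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] untrusted = serialize(new SideEffect()); // constructed sample input

        // Vulnerable pattern: the caller expects a String, but readObject() has
        // already run by the time the cast fails.
        try { String s = (String) deserialize(untrusted, null); }
        catch (ClassCastException e) { System.out.println("unfiltered: ran=" + SideEffect.ran); }

        // Hardened pattern: allow-list only what the endpoint expects.
        SideEffect.ran = false;
        ObjectInputFilter allow = ObjectInputFilter.Config.createFilter("java.lang.String;!*");
        try { deserialize(untrusted, allow); }
        catch (InvalidClassException e) { System.out.println("filtered: ran=" + SideEffect.ran); }
        System.out.println(deserialize(serialize("ok"), allow));
    }
}
```

The unfiltered read reports `ran=true`, the filtered read is rejected with `ran=false`, and the expected `String` still deserializes.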