|
|
|
|
|
|
by lyu07282
270 days ago
|
|
|
It often results in remote code/command execution, its data that de-serializes into java objects. But during the instantiation or sometimes deconstruction of objects, code can be executed. Popular tool for java: https://github.com/frohoff/ysoserial |
|
|