Java

My ysoserial fork

Hi! Over the years, many people have asked me for the code I used to generate the payloads of Java Deserialization Scanner. These payloads are generated with a customized version of Chris…
Exploiting OGNL Injection

Recently, during a penetration test, Burp Suite reported an “Expression Language Injection” issue. Burp Suite recognizes the issue thanks to the following payload: gk6q${"zkz".toString().replace("k", "x")}doap2 The value returned was “igk6qzxzdoap2”,…