AttackFlow Findings Dictionary


Insecure Deserialization - Binary

The attacker may inject arbitrary code and have it executed on the application server through insecure binary deserialization, resulting in full compromise of the server.

Severity: Medium

Fix Cost: Medium

Trust Level: Low

Since the early Remote Method Invocation (RMI) and CORBA implementations, serialization and deserialization have been a key mechanism for transferring object state from one end to another. They are used in-process, between processes and across networks, between the same or different frameworks.

There are APIs that deserialize previously serialized class instances, such as the one below:

using System.IO;
using System.Runtime.Serialization.Formatters.Binary;

// Vulnerable: BinaryFormatter instantiates whatever types the payload names.
BinaryFormatter serializer = new BinaryFormatter();

// The file path, and therefore the file content, is supplied by the user.
byte[] content = File.ReadAllBytes(userInputFilePath);
MemoryStream ms = new MemoryStream(content);

// Deserialization completes before the cast, so the payload decides what gets built.
OrderedItem i = (OrderedItem) serializer.Deserialize(ms);
i.Register();

The code above reads a user-supplied file, deserializes the type instance it contains and then calls its Register method. By providing a malicious serialized object, an attacker can execute arbitrary code when Register is invoked.
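The fix that removes this finding is to stop deserializing user-controlled input with BinaryFormatter at all (Microsoft's own guidance is that BinaryFormatter cannot be made safe) and to read the order file with a serializer that only ever instantiates the type named at the call site. The hardened loader below is an added example, not code from the original page; the OrderedItem class and its fields are assumed for illustration, and the unmapped-member option requires .NET 8 or later.

```csharp
using System;
using System.IO;
using System.Text.Json;
using System.Text.Json.Serialization;

// Hypothetical domain type, assumed for this example (not defined on the original page).
public class OrderedItem
{
    public string Name { get; set; } = "";
    public int Quantity { get; set; }

    public void Register() => Console.WriteLine($"Registered {Quantity} x {Name}");
}

public static class SafeOrderLoader
{
    // System.Text.Json builds only the type requested here (OrderedItem); a type name
    // embedded in the payload is never honoured, so a crafted file cannot make the
    // runtime construct some other class the way BinaryFormatter would.
    private static readonly JsonSerializerOptions Options = new JsonSerializerOptions
    {
        // Reject payloads carrying members OrderedItem does not declare; unexpected
        // members are cheap to log and a useful signal that the format is being probed.
        UnmappedMemberHandling = JsonUnmappedMemberHandling.Disallow,
        MaxDepth = 8
    };

    public static OrderedItem Load(string userInputFilePath)
    {
        // Path validation (traversal, size limits) is a separate control and is
        // assumed to have happened before this method is reached.
        byte[] content = File.ReadAllBytes(userInputFilePath);

        OrderedItem? item = JsonSerializer.Deserialize<OrderedItem>(content, Options);

        // Validate the *data*, not just the shape: deserialization no longer runs
        // attacker-chosen code, but business rules still need enforcing.
        if (item is null || string.IsNullOrWhiteSpace(item.Name) || item.Quantity <= 0)
            throw new InvalidDataException("Order file rejected: missing or invalid fields.");

        return item;
    }

    public static void Main(string[] args)
    {
        OrderedItem i = Load(args[0]);
        i.Register();
    }
}
```

A payload containing extra properties or a nested structure deeper than eight levels is rejected before any OrderedItem is created, and Register only ever runs on an instance the application itself constructed and validated.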
