Deserialization - merging Java, PHP

2024-11-10 07:04:22 +00:00 · 2018-11-13 23:25:18 +01:00 · 2018-11-13 23:25:18 +01:00 · d181ff4e79
commit d181ff4e79
parent ddfdc51e68
8 changed files with 31 additions and 0 deletions
--- a/S3/README.md
+++ b/S3/README.md
@ -111,6 +111,7 @@ Amazon exposes an internal service every EC2 instance can query for instance met
 http://169.254.169.254/latest/meta-data/
 http://169.254.169.254/latest/user-data/
 http://169.254.169.254/latest/meta-data/iam/security-credentials/IAM_USER_ROLE_HERE will return the AccessKeyID, SecretAccessKey, and Token
+http://169.254.169.254/latest/meta-data/iam/security-credentials/PhotonInstance
 ```

 For example with a proxy : http://4d0cf09b9b2d761a7d87be99d17507bce8b86f3b.flaws.cloud/proxy/169.254.169.254/latest/meta-data/iam/security-credentials/flaws/
--- a/deserialization/Files/PHP-Serialization-RCE-Exploit.php
+++ b/deserialization/Files/PHP-Serialization-RCE-Exploit.php
--- a/Deserialization/README.md
+++ b/Deserialization/README.md
--- a/serialization/README.md
+++ b/serialization/README.md
--- a/deserialization/README.md
+++ b/deserialization/README.md
@ -0,0 +1,22 @@
+# Insecure Deserialization
+
+> Serialization is the process of turning some object into a data format that can be restored later. People often serialize objects in order to save them to storage, or to send as part of communications. Deserialization is the reverse of that process -- taking data structured from some format, and rebuilding it into an object - OWASP
+
+Check the following sub-sections, located in other files :
+
+* [Java deserialization : ysoserial, ...](Java.md)
+* [PHP (Object injection) : phpggc, ...](PHP.md)
+* [Ruby : universal rce gadget, ...](Ruby.md)
+
+## Thanks to
+
+* [Github - ysoserial](https://github.com/frohoff/ysoserial)
+* [Java-Deserialization-Cheat-Sheet - GrrrDog](https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet/blob/master/README.md)
+* [Understanding & practicing java deserialization exploits](https://diablohorn.com/2017/09/09/understanding-practicing-java-deserialization-exploits/)
+* [How i found a 1500$ worth Deserialization vulnerability - @D0rkerDevil](https://medium.com/@D0rkerDevil/how-i-found-a-1500-worth-deserialization-vulnerability-9ce753416e0a)
+* [Misconfigured JSF ViewStates can lead to severe RCE vulnerabilities - 14 Aug 2017, Peter Stöckli](https://www.alphabot.com/security/blog/2017/java/Misconfigured-JSF-ViewStates-can-lead-to-severe-RCE-vulnerabilities.html)
+* [PHP Object Injection - OWASP](https://www.owasp.org/index.php/PHP_Object_Injection)
+* [PHP Object Injection - Thin Ba Shane](http://location-href.com/php-object-injection/)
+* [PHP unserialize](http://php.net/manual/en/function.unserialize.php)
+* [PHP Generic Gadget - ambionics security](https://www.ambionics.io/blog/php-generic-gadget-chains)
+* [RUBY 2.X UNIVERSAL RCE DESERIALIZATION GADGET CHAIN - elttam, Luke Jahnke](https://www.elttam.com.au/blog/ruby-deserialization/)
--- a/deserialization/Ruby.md
+++ b/deserialization/Ruby.md
@ -0,0 +1,7 @@
+# Ruby Deserialization
+
+TODO
+
+## Thanks
+
+- [RUBY 2.X UNIVERSAL RCE DESERIALIZATION GADGET CHAIN - elttam, Luke Jahnke](https://www.elttam.com.au/blog/ruby-deserialization/)
--- a/management/README.md
+++ b/management/README.md
--- a/injection/README.md
+++ b/injection/README.md
@ -317,6 +317,7 @@ http://169.254.169.254/latest/user-data
 http://169.254.169.254/latest/user-data/iam/security-credentials/[ROLE NAME]
 http://169.254.169.254/latest/meta-data/
 http://169.254.169.254/latest/meta-data/iam/security-credentials/[ROLE NAME]
+http://169.254.169.254/latest/meta-data/iam/security-credentials/PhotonInstance
 http://169.254.169.254/latest/meta-data/ami-id
 http://169.254.169.254/latest/meta-data/reservation-id
 http://169.254.169.254/latest/meta-data/hostname