Content mirrored for search engine indexing from:

https://github.com/TheGetch/Penetration-Testing-Methodology/wiki/Deserialization_-Java---RichFaces

Why does this service exist?

📅 Last Modified: Fri, 14 May 2021 13:19:11 GMT

Deserialization_ Java RichFaces - TheGetch/Penetration-Testing-Methodology GitHub Wiki

Deserialization: Java - RichFaces

Deserialization: Java - RichFaces

Useful Links:

https://codewhitesec.blogspot.com/2018/05/poor-richfaces.html
http://anonsvn.jboss.org/repos/richfaces/branches/community/3.3.X//framework/impl/src/main/java/org/ajax4jsf/resource/ResourceBuilderImpl.java
https://issues.jboss.org/browse/RF-13977
https://planet.jboss.org/post/richfaces_security_advisory_cve_2013_2165
https://tint0.com/matesctf-2018-wutfaces-cve-2013-2165/
https://tint0.com/when-el-injection-meets-java-deserialization/
https://deadcode.me/blog/2016/09/02/Blind-Java-Deserialization-Commons-Gadgets.html#SwitchTransformer
https://deadcode.me/blog/2016/09/18/Blind-Java-Deserialization-Part-II.html

⚠️ GitHub.com Fallback ⚠️

🗂️ Page Index for this GitHub Wiki