
Using application functionality to exploit insecure deserialization - Lab#03

In this video, I demonstrate how to exploit a serialization-based vulnerability in a session mechanism to invoke a dangerous method on a serialized object. By manipulating the serialized session data in the session cookie, I manage to delete the morale.txt file from Carlos's home directory. I use my access to the gregg account to exploit this vulnerability. Watch till the end to see how this attack works and how to prevent such serialization-based threats!

🔹 Lab Type: Insecure Serialization & Dangerous Method Invocation
🔹 Vulnerability: Serialization-based session with dangerous method execution
🔹 Attack Goal: Modify session cookie to delete morale.txt file from Carlos's home directory
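The prevention side of this lab, as an added example that is not taken from the video or the lab's code: the session cookie carries plain JSON data protected by an HMAC, and the file a cleanup routine deletes is derived server-side from the username instead of from session contents. `SECRET`, `AVATAR_ROOT`, the `file_path` field and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
from pathlib import Path

SECRET = b"constructed-demo-key"        # assumption: server-side secret, never sent to the client
AVATAR_ROOT = Path("/srv/app/avatars")  # assumption: hypothetical per-user file store


def issue_cookie(session: dict) -> str:
    """Serialize plain data (no objects) and append an HMAC-SHA256 tag."""
    body = base64.urlsafe_b64encode(json.dumps(session, sort_keys=True).encode())
    tag = hmac.new(SECRET, body, hashlib.sha256).hexdigest()
    return f"{body.decode()}.{tag}"


def load_cookie(cookie: str) -> dict:
    """Verify the tag before parsing; reject anything the server did not issue."""
    body, sep, tag = cookie.rpartition(".")
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not sep or not hmac.compare_digest(tag.encode(), expected.encode()):
        raise ValueError("session cookie failed integrity check")
    session = json.loads(base64.urlsafe_b64decode(body))
    if not isinstance(session, dict) or not isinstance(session.get("username"), str):
        raise ValueError("unexpected session structure")
    return session


def cleanup_path(session: dict) -> Path:
    """File a cleanup routine may delete: built from the verified username only,
    so a path field placed in the session is never consulted."""
    name = session["username"]
    if not name.isalnum():
        raise ValueError("invalid username")
    return AVATAR_ROOT / name / "avatar"


def tamper(cookie: str, **changes) -> str:
    """Constructed test input: edit the payload but keep the original tag."""
    body, _, tag = cookie.rpartition(".")
    data = json.loads(base64.urlsafe_b64decode(body))
    data.update(changes)
    forged = base64.urlsafe_b64encode(json.dumps(data, sort_keys=True).encode())
    return f"{forged.decode()}.{tag}"
```
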


#SerializationVulnerability #FileDeletion #CyberSecurity #EthicalHacking #WebSecurity #BugBounty
