WRITEUP #1588

Pwn2Owning Two Hosts At The Same Time: Abusing Inductive Automation Ignition’s Custom Deserialization

DeserializationInsecure deserializationRCESecurity code review

by@chudyPB(Piotr Bazydło)

Program

Inductive Automation Ignition

Published

Feb 8, 2023

Added to HackDex

Mar 6, 2023

Read Full Writeuphttps://www.zerodayinitiative.com/blog/2023/2/6/pwn2owning-two-hosts-at-the-same-time-abusing-inductive-automation-ignitions-custom-deserialization

▸ RELATED WRITEUPS

Attacking PowerShell CLIXML Deserialization

DeserializationInsecure deserialization

Getting code execution on Veeam through CVE-2023-27532

RCEInsecure deserialization

Spip Preauth RCE 2024: Part 2, A Big Upload

RCEFile upload

Back To School - Exploiting A Remote Code Execution Vulnerability In Moodle

RCESecurity code review

WordPress GiveWP POP to RCE (CVE-2024-5932)

RCEPHP pop chain

Built with ❤️ by Shubham Rawat