Back to directory

WRITEUP #5493

Universal RCE with Ruby YAML.load

DeserializationInsecure deserializationRCE

by@_staaldraad(Etienne Stalmans)

Program

-

Published

Mar 2, 2019

Added to HackDex

Aug 8, 2023

Read Full Writeuphttps://staaldraad.github.io/post/2019-03-02-universal-rce-ruby-yaml-load/

▸ RELATED WRITEUPS

Attacking PowerShell CLIXML Deserialization

DeserializationInsecure deserialization

Getting code execution on Veeam through CVE-2023-27532

RCEInsecure deserialization

3 ways to get Remote Code Execution in Kafka UI

RCEInsecure deserialization

Dynamics 365 Business Central - A Journey With Ups and Downs

DeserializationInsecure deserialization

Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve) (CVSS 9.9, CVSS 9.8) Walkthrough

Built with ❤️ by Shubham Rawat