No self-introduction
Loading
Profile
Follow
codes (1)
BaRMIe
no vote
1. & nbsp; & nbsp; & nbsp; & nbsp; unsafe methods: & nbsp; & nbsp; RMI services often expose some dangerous functions and can directly call the known details of providing classes / methods. Examples include read and write to files that are not authenticated. 3. & nbsp; & nbsp; & nbsp; & nbsp; deserialization by illegal method call: Java does not verify whether the provided method parameter is compatible with the actual method parameter type before deserializing the provided method parameter. This weakness means that any non original remote method parameter can be replaced with any object by TCP proxy, which will trigger illegal method call unless deserialization payload is triggered before Java fails to execute illegal method call.
cs_song 0 0
1
No more~
Follows0
Fans0