Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/pwntester/restletxmldecoder

A Restlet API that consumes XML-serialized Java objects. Vulnerable to XXE, and to RCE if a third-party library such as GroovyShell is on the classpath.
README

Build (the Restlet and Groovy jars live under ./lib; Groovy is only needed on the server side, where it is the library the RCE payload relies on):

    javac -cp ./lib/org.restlet.jar:./lib/groovy-all-1.8.9.jar *.java

1st terminal, start the vulnerable server with Groovy on its classpath:

    java -cp ./lib/org.restlet.jar:./lib/groovy-all-1.8.9.jar:. ServerRestlets

2nd terminal, run the client:

    java -cp ./lib/org.restlet.jar:. ClientRestlet

3rd terminal, PUT a benign object first, then the XXE payload, then the RCE payload. Basic auth is scott:tiger, and the content type is what makes Restlet deserialize the body as an XML-serialized Java object:

    curl -X PUT -u scott:tiger --header "content-type: application/x-java-serialized-object+xml" --data @customer.xml "http://localhost:8182/customer"
    curl -X PUT -u scott:tiger --header "content-type: application/x-java-serialized-object+xml" --data @customer-xee.xml "http://localhost:8182/customer"
    curl -X PUT -u scott:tiger --header "content-type: application/x-java-serialized-object+xml" --data @customer-rce.xml "http://localhost:8182/customer"
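The three PUTs above differ only in the body. As an added example that is not part of the restletxmldecoder project, the script below is the gate a server owner would put in front of that endpoint if it must keep accepting application/x-java-serialized-object+xml: it refuses any DOCTYPE (the XXE vector) and refuses any class name outside an explicit allowlist (the "any class on the classpath" primitive behind the RCE). It assumes, from the repository name only, that Restlet decodes this media type with java.beans.XMLDecoder, and it assumes the endpoint expects a bean called Customer; the ALLOWED_CLASSES set and the three sample bodies are constructed here and are not the project's customer*.xml files. The proper fix remains to stop accepting this media type at all; the gate is defence in depth.

```python
"""
Added example (not the restletxmldecoder project's code): pre-parse gate for
bodies sent as application/x-java-serialized-object+xml.

Assumptions not stated on the page: the server hands the body to
java.beans.XMLDecoder (inferred from the repository name) and the endpoint
only expects a "Customer" bean. An XMLDecoder document can instantiate any
class on the classpath and call its methods, and it is still plain XML, so a
DOCTYPE with an external entity is resolved before the first bean is built.
"""
import re
import xml.etree.ElementTree as ET
from typing import Tuple

# Only the bean the endpoint is designed to accept, plus the boxed type
# XMLEncoder emits for its string properties (assumption: a "Customer" bean).
ALLOWED_CLASSES = frozenset({"Customer", "java.lang.String"})
DOCTYPE_RE = re.compile(rb"<!DOCTYPE", re.IGNORECASE)


def inspect_body(body: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason) for one request body."""
    # 1. XXE: any DTD is rejected before the bytes reach a parser at all.
    if DOCTYPE_RE.search(body):
        return False, "DTD/DOCTYPE not allowed (XXE)"
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return False, f"malformed XML: {exc}"
    # 2. XMLDecoder documents have a <java> root whose own
    #    class="java.beans.XMLDecoder" attribute is metadata, not a bean.
    if root.tag != "java":
        return False, f"not an XMLDecoder document (root <{root.tag}>)"
    for el in root.iter():
        if el is root:
            continue
        # <object class=..>, <new class=..>, <array class=..> and
        # <void class=.. method=..> (a static call) all name a class here ...
        names = [el.get("class")] if el.get("class") else []
        # ... and <class>some.Name</class> names one in its text.
        if el.tag == "class" and el.text:
            names.append(el.text.strip())
        for name in names:
            if name not in ALLOWED_CLASSES:
                return False, f"class not in allowlist: {name}"
    return True, "ok"


# Constructed sample bodies (not the project's customer*.xml files).
BENIGN = b"""<?xml version="1.0" encoding="UTF-8"?>
<java version="1.8.0" class="java.beans.XMLDecoder">
 <object class="Customer">
  <void property="name"><string>Scott</string></void>
 </object>
</java>"""

XXE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE java [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
<java version="1.8.0" class="java.beans.XMLDecoder">
 <object class="Customer">
  <void property="name"><string>&xxe;</string></void>
 </object>
</java>"""

# Shape of a body that reaches a class the endpoint never meant to expose
# (the page's GroovyShell case); the expression itself is harmless.
GROOVY = b"""<?xml version="1.0" encoding="UTF-8"?>
<java version="1.8.0" class="java.beans.XMLDecoder">
 <object class="groovy.lang.GroovyShell">
  <void method="evaluate"><string>1 + 1</string></void>
 </object>
</java>"""


if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("xxe", XXE), ("groovy", GROOVY)):
        print(label, inspect_body(body))
```

Because the DOCTYPE check runs on the raw bytes, the XXE body is refused without any XML parser ever seeing the entity declaration; the allowlist check then only has to reason about the XMLDecoder element vocabulary, which is why the root element's own class attribute is skipped rather than allowlisted.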