In the previous post we examined particular Java Serialisation characteristics and design points that had a few unexpected consequences. In this post we'll explore further how serialisation datastreams can be exploited: how it is possible to compromise systems silently and in different ways, from changing data and running arbitrary code to crashing systems outright.
Article Link: Java Serialisation - the gift that keeps on taking (Part 3)