. NET advanced code audit of the nine classes BinaryFormatter deserialization vulnerability-vulnerability warning-the black bar safety net

The BinaryFormatter and SoapFormatter two classes the difference between the data streams of different formats, other features on both about the same, the BinaryFormatter is located in the namespace System. Runtime. Serialization. Formatters. Binary it is the direct use of binary the way the obje...

. NET advanced code audit, the eighth classes SoapFormatter deserialization vulnerability-vulnerability warning-the black bar safety net

SoapFormatter formatter and the next lesson introduce the BinaryFormatter formatter are. NET internal implementation of a serialization function classes, SoapFormatter derived directly from the System. The Object, located in the namespace System. Runtime. Serialization. Formatters. Soap, and...

如何针对使用HTTP的.NET Remoting finding and using deserialization vulnerability-vulnerability warning-the black bar safety net

One, overview In the NCC Group and most recent safety assessment, 我发现了一个.NET v2. 0 app, 该应用程序使用.NET Remoting by HTTP to send the SOAP request to the other server to communicate. In the application of the anti-compiled, I realized that the server has TypeFilterLevel is set to Full, this is very...

For ASP. NET resource files. RESX and deserialization vulnerability research-exploit warning-the black bar safety net

ASP. NET application resource files are typically used as a localized storage, they can be used to store user interface elements or can be easily translated string to1. These resource files are generally used. resx as the file expansion name, and when they are in. resources as files to expand the...