This course explores novel pathways to Remote Code Execution (RCE) in web frameworks through the DataBinding mechanism. Participants will learn about the security vulnerabilities in DataBinding and how they can lead to RCE. The course aims to enhance understanding of DataBinding security issues in popular web frameworks such as Spring, Struts, Grails, and Ruby on Rails. The intended audience for this course includes web developers, security professionals, and individuals interested in web application security. The teaching method involves a comprehensive analysis of security bugs in DataBinding mechanisms and their exploitation for RCE.
DataBinding2Shell - Novel Pathways to RCE Web Frameworks
Overview
Syllabus
DataBinding2Shell: Novel Pathways to RCE Web Frameworks
Taught by
Black Hat
Related Courses
-
CVE Series: Confluence RCE (CVE-2022-26134)
-
Server-Side Template Injection - RCE for the Modern Web App
-
The Hidden RCE Surfaces That Control the Droids
-
SolarWinds One Year Later - The Story of an Unauthenticated RCE in the Orion Platform
-
Diving Into Spooler - Discovering LPE and RCE Vulnerabilities in Windows Printer
-
Prototype Pollution Leads to RCE - Gadgets Everywhere
