- VIEWSTATE deserialization
- Json.Net, aka. Newtonsoft.Json, i.e
JsonConvert.DeserializeObject(value) - UEditor SSRF/file upload to RCE
- Denpendency Check
OWASP dependency-check includes an analyzer that scans .NET dll and exe files and collect as much information it can about the files as it can. The information collected is internally referred to as evidence and is grouped into vendor, product, and version buckets. Other analyzers later use this evidence to identify any Common Platform Enumeration (CPE) identifiers that apply. .NET core 2.x needs to be installed for this analyzer to work. Files Types Scanned: EXE, DLL
Ref: https://jeremylong.github.io/DependencyCheck/analyzers/assembly-analyzer.html
- https://medium.com/c-sharp-progarmming/stop-insecure-deserialization-with-c-6a488c95cf2f
- https://medium.com/r3d-buck3t/insecure-deserialization-with-json-net-c70139af011a
- https://github.com/Y4er/dotnet-deserialization
- https://github.com/Ivan1ee/NET-Deserialize
- https://github.com/dnSpy/dnSpy
- https://github.com/icsharpcode/ILSpy/
- .Net XmlSerializer反序列化学习
- https://www.blackhat.com/docs/us-17/thursday/us-17-Munoz-Friday-The-13th-JSON-Attacks-wp.pdf