{"uuid": "3abf98ef-dd8f-451d-96ad-a565d38bd70e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-35464", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/49", "content": "Pre-auth RCE in ForgeRock OpenAM (CVE-2021-35464)\n\ud83d\udc64 by Michael Stepankin aka @artsploit\n\nThe story of discovering and exploiting a Java deserialization vulnerability leading to RCE in ForgeRock OpenAM.\n\nPoC: GET /openam/oauth2/..;/ccversion/Version?jato.pageSession=[serialized_object]\n\n\ud83d\udcdd Contents:\n \u2022 The Story\n \u2022 Obtaining Code & Decompiling\n \u2022 Source code analysis\n \u2022 Jato\n \u2022 Testing on bug bounty (and failing)\n \u2022 Building a custom gadget chain\n \u2022 Let's get this bread\n \u2022 The patch\n \u2022 Key takeaways\n\nhttps://portswigger.net/research/pre-auth-rce-in-forgerock-openam-cve-2021-35464", "creation_timestamp": "2021-06-29T13:17:30.000000Z"}