Tagged: ermir

Rogue RMI Registry

ermir: Evil Java RMI Registry

Ermir is an Evil/Rogue RMI Registry that exploits insecure deserialization in any Java code calling standard RMI methods on it (list()/lookup()/bind()/rebind()/unbind()). How does it work? java.rmi.registry.Registry offers 5 methods: list(), lookup(), bind(), rebind(), unbind(): public Remote lookup(String name): lookup()...