By | December 3, 2020

In this article, we are telling you about Insecure Deserialization vulnerability like what is Insecure Deserialization vulnerability, as well as how to find this bug in a website.

You may have never heard of the name of Insecure Deserialization vulnerability, but if you find this bug in a website, you may get a good bug bounty.

We have already told you about many bugs that are never talked about, such as access control vulnerabilities and information disclosure vulnerability. If you have not read that article, you can also read them.

Note- This article is only for educational purpose. Don’t miss use your knowledge and skills.

Insecure Deserialization vulnerability ?

Before going into practical about Insecure Deserialization vulnerability, you should know what it is if you know about java programming language, then you will also know about serialization and deserialization.

Insecure Deserialization

Let us understand this from the example that an object has some kind of data in it, we store that data in a file, in such a way it is called serialization, just like that if we remove the same data from the file again in the object In this case, it is called Deserialization.

In the same way if we are able to access the admin account by using sessions in some way when login from an account in a website, in this way it is called Insecure Deserialization vulnerability Insecure Deserialization vulnerability is also called object injection vulnerability.

In easy language, if we try to understand Insecure Deserialization vulnerability, in this way we can also say that if we can open another object by making changes in it through one object, in this way it is called Insecure Deserialization vulnerability.

When you solve the labs of Insecure Deserialization vulnerability, in such a way, you yourself understand how this bug works in a website, we are telling you by solving the labs of portswigger.

https://portswigger.net/web-security/deserialization

Also read

Bypass website two factor authentication

What is xml external entity injection

Local file inclusion vulnerability

Insecure Deserialization vulnerability Labs ?

Let us now tell you by solving labs of Insecure Deserialization vulnerability, here we are telling you by solving two labs of Insecure Deserialization, you can try to solve other labs by ourselves.

Modifying serialized objects

First of all you have to run the burp suite and keep the intercept off like we do in some kind of bug hunting, after doing all this you can solve this lab.

https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-modifying-serialized-objects

Insecure Deserialization

After this you have to open lab, after doing all this, we have to access lab, as you have been told all this in earlier articles, you can do it here as well.

Insecure Deserialization

After accessing the lab, you have to login, here you get the login information in the lab itself, as you can see in the image, you have to give the username and password in this way.

After doing all this you get a login url in http history in the burp suite as you can see in the image, here you get a session show in response, here we have to use this session.

Insecure Deserialization

After doing all this you have to send the session to the decoder, after this you have to first decode as url, after that you have to decode as base 64.

Insecure Deserialization

After doing all this, you have to give 1 instead of 0 in base 64.After doing this you have to first encode as base64, after that you have to encode as url

Here you can see by matching your practical with our image, after doing all this, you get a new session on making object changes, this is what we have to use next.

Insecure Deserialization

After doing all this, we have to refresh the page by turning on the intercept, on doing so your request will show you in the burp suite as you can see in the image.

Insecure Deserialization

Here we have to change the session and forward the request, after the request is forward, you will be able to see your account will change from wiener to administrator as you can see in the image.

After doing all this, you have to open the admin panel page, by doing this you get another request in the burp suite here also we have to change the session and forward the request.

After doing all this, the page will be opened in front of you in such a way that as you can see in the image, this lab will be solved by deleting the carlos user here.

Insecure Deserialization

After clicking on delete button here you get another request show, here we have to change the session and forward the request, understand this practical carefully and only then you will be able to

After forwarding the request, something like this will be shown in the burp suite in front of you, here you have to simply forward the request again, after doing all this your lab resolves.

As you can see in the image, here we have got a message show of congratulations, here we want to clear you one thing, to do this practical you may have to face errors because you have to understand when you have to change the session and when not.

So to solve this lab here, you can try to change the sessions according to yourself, if you do not solve the lab for the first time, then you can see the session by changing it on a different request.

Modifying serialized data types

In the same way, we can also solve the other lab of Insecure Deserialization vulnerability, here also first you have to do the same process like login after running lab and run burp suite.

https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-modifying-serialized-data-types

After doing all this, you have login url in http history as well as a url and show as you can see in the image, in this way you get a session in get request.

After doing all this, you have to copy the session to send to decoder, after doing this you have to do the same thing as decode as url and decode as base64.

As you can see in the image the decode we get is the username wiener and we have given the administrator here. After doing all this you have to encode as base64 and encode as url

After doing all this you get a session after which we have to do the same process by intercept on the burp suite and refresh the page, after that change the session and forward the request.

After doing all this process, the further process becomes the same as you have been told by solving a lab. Here we have to forward the request by changing the session as often as we get the session.

After doing all this, we have to delete the carlos user like we did in the previous lab, in the same way, this lab is also solved after deleting the carlos user here, this is how Insecure Deserialization vulnerability works.

The Conclusion

I hope now you can understand about Insecure Deserialization vulnerability. We have told you here by solving two labs of Insecure Deserialization vulnerability.

In this way, you can see the rest of the labs by solving it, here we want to clear you one thing. These labs are for Intermediate level persons. If you are new, then you must first understand the basic of burp suite.

Here when you have to change the session and when not to change the session, what is happening in the background, all the things that an Intermediate level person will understand easily.

If you have any kind of problem in solving labs of Insecure Deserialization vulnerability, in such a way, you can ask us in a comment, we will help you completely.

If you like this article of ours, then you must share it, here you are given free knowledge about facebook hacking, whatsapp hacking and all modules of CEH.

Subscribe to our blog for latest updates

Sharing is Caring

Thankyou

Share This:

Leave a Reply

Your email address will not be published. Required fields are marked *