'Name' => "IBM WebSphere RCE Java Deserialization Vulnerability", 'Description' => %q{ This module exploits a vulnerability in IBM's WebSphere Application Server. An unsafe deserialization call of unauthenticated Java objects exists to the Apache Commons Collections (ACC) library, whi...
The getObjectInstance() call returns a WSIFClientProxy Java proxy object. This proxy object will invoke eval() on an instance of ELProcessor when findByPrimaryKey() is called. Recall that we already control the argument this.key via deserialization. Because an EL 3.0 expression can call static methods and instantiate classes reflectively, evaluating an attacker-supplied key gives remote code execution via Expression Language injection. The f...
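The following is an added illustration of the chain described above, not WebSphere's code and not part of the original write-up. It models the mechanism with a plain java.lang.reflect.Proxy in place of WSIFClientProxy and a hypothetical Home interface and EvalHandler class in place of the real EJB home and proxy handler; the attacker-controlled key survives a serialization round trip and is handed to ELProcessor.eval() the moment findByPrimaryKey() is called. It assumes an EL 3.0 implementation on the classpath (for example org.glassfish:javax.el:3.0.0).

```java
// Added example (not the WebSphere or original post's code): a minimal model of a
// deserialization-controlled proxy whose findByPrimaryKey() ends in ELProcessor.eval().
// Assumes an EL 3.0 implementation on the classpath, e.g. org.glassfish:javax.el:3.0.0.
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import javax.el.ELProcessor;

public class ElProxyGadgetDemo {

    // Hypothetical EJB-home-style interface; only the method name matters here.
    interface Home {
        Object findByPrimaryKey(Object key);
    }

    // Hypothetical stand-in for the proxy's handler. The "key" field is whatever the
    // attacker placed in the serialized stream, and every proxied call ends in eval(key).
    static class EvalHandler implements InvocationHandler, Serializable {
        private static final long serialVersionUID = 1L;
        private final String key;

        EvalHandler(String key) {
            this.key = key;
        }

        @Override
        public Object invoke(Object proxy, Method m, Object[] args) {
            if ("findByPrimaryKey".equals(m.getName())) {
                // The sink: a deserialized string is evaluated as an EL 3.0 expression.
                return new ELProcessor().eval(key);
            }
            return null;
        }
    }

    // Round-trip through Java serialization to show the key is fully attacker-controlled.
    static EvalHandler roundTrip(EvalHandler h) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(h);
        }
        try (ObjectInputStream ois =
                     new ObjectInputStream(new ByteArrayInputStream(bos.toByteArray()))) {
            return (EvalHandler) ois.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // A harmless expression stands in for a hostile one. EL 3.0 also permits static
        // method calls and reflection, which is why eval() on untrusted input is RCE.
        EvalHandler h = roundTrip(new EvalHandler("'gadget ran: ' += (2 * 21)"));

        Home home = (Home) Proxy.newProxyInstance(
                Home.class.getClassLoader(), new Class<?>[] { Home.class }, h);

        // Any caller that innocently invokes findByPrimaryKey() triggers the evaluation.
        // Prints: gadget ran: 42
        System.out.println(home.findByPrimaryKey(null));
    }
}
```

The defender's takeaway is the same as in the real chain: the proxy and the EL engine are both legitimate components, and the bug is that a value sourced from an untrusted serialized stream reaches eval(). When auditing similar code, trace every ELProcessor.eval() and ExpressionFactory.createValueExpression() call back to its string source and confirm that none of it can originate from deserialized or otherwise client-supplied data.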