Delphi-PRAXiS - YAML and Remote Code Execution

Delphi-PRAXiS (https://www.delphipraxis.net/forum.php)

- Delphi-News aus aller Welt (https://www.delphipraxis.net/58-delphi-news-aus-aller-welt/)

- - YAML and Remote Code Execution (https://www.delphipraxis.net/173046-yaml-remote-code-execution.html)

DP News-Robot

4. Feb 2013 21:30

YAML and Remote Code Execution

YAML’s security risks are in no way limited to Rails or Ruby. YAML documents should be treated as executable code and firewalled accordingly. Deserializing arbitrary types is user-controlled, arbitrary code execution. It’s Not Just Ruby A few weeks ago, I had a need to parse ...http://feeds.feedburner.com/~r/delph...~4/H6U1IyRevjE

More...

Alle Zeitangaben in WEZ +1. Es ist jetzt 12:18 Uhr.

Powered by vBulletin® Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO © 2011, Crawlability, Inc.
Delphi-PRAXiS (c) 2002 - 2023 by Daniel R. Wolf, 2024-2025 by Thomas Breitkreuz