ysoserial.net

Deserialization payload generator for a variety of .NET formatters (by pwntester)
Add to my DEV experience Suggest topics
Source Code
ysoserial.net Reviews
Suggest alternative
Edit details
The modern identity platform for B2B SaaS
The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
workos.com
Sponsored

Ysoserial.net Alternatives

Similar projects and alternatives to ysoserial.net

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better ysoserial.net alternative or higher similarity.
Suggest an alternative to ysoserial.net

ysoserial.net reviews and mentions

Posts with mentions or reviews of ysoserial.net. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2021-05-05.
  • Json locations
    4 projects | /r/gamedev | 5 May 2021
    Any unchecked deserialization is dangerous - as you can see in this repo the same attack works on Json.NET, since you can inject a payload that performs arbitrary remote code execution.
  • Which data types are serializable by default in c sharp?
    3 projects | /r/csharp | 20 Jan 2021
    So if you have some type within your application that does something sensitive or disruptive in its constructor, an attacker can craft a stream of bytes that asks the application to create that type. From there, all kinds of crazy things can happen. Here's a privilege escalation exploit discovered in Docker for Windows that relied on BinaryFormatter. Digging into some things he mentioned I found an entire exploit suite for .NET serialization. Through very clever tricks, it creates types that, when deserialized, will execute commands. That's a big deal.

Stats

Basic ysoserial.net repo stats
2
2,997
6.0
6 months ago

pwntester/ysoserial.net is an open source project licensed under MIT License which is an OSI approved license.

The primary programming language of ysoserial.net is C#.

Popular Comparisons

  1. ysoserial.net VS MessagePack for C# (.NET, .NET Core, Unity, Xamarin)
  2. ysoserial.net VS Json.NET
  3. ysoserial.net VS JsonKnownTypes
  4. ysoserial.net VS Aetheria-Economy

Sponsored
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com