Dan Amodio


Remote Code with Expression Language Injection

Discovering and Exploiting a Spring Framework Vulnerability

Until now, Expression Language Injection has only meant information disclosure. I’ll illustrate how it can actually be used for remote code execution on GlassFish and potentially other EL 2.2 containers.
