If a web application deserialises user-provided data, this can lead to insecure deserialisation vulnerabilities. In this video we look at a simple scenario where an attacker identifies and exploits an insecure deserialisation vulnerability to get access to administrative functions.
NOTE: This video is made ONLY for educational purposes and to help developers and security researchers enhance their security knowledge, allowing them to remediate potential vulnerabilities in their OWN applications.
Web Security Academy | Lab: Modifying serialized objects:
https://portswigger.net/web-security/deserialization/exploiting/lab-deserialization-modifying-serialized-objects
Twitter: https://twitter.com/tracethecode
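
An added example, not taken from the video or the lab: the weak pattern described above (a privilege decision read from a client-held serialised object) beside a hardened form that verifies integrity before deserialising and looks the role up server-side. The JSON cookie format, the key, the role table and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# Assumptions for this sketch: a constructed demo key and a server-side role table.
SERVER_KEY = b"constructed-demo-key-load-from-a-secret-store"
SERVER_ROLES = {"alice": "user", "root": "admin"}


def encode(obj):
    """Serialise a session object into a cookie-safe string (JSON stands in for the real format)."""
    return base64.urlsafe_b64encode(json.dumps(obj, sort_keys=True).encode()).decode()


def decode(token):
    return json.loads(base64.urlsafe_b64decode(token))


def is_admin_weak(cookie):
    # Weak: the cookie is deserialised as-is and a field the client controls
    # decides the privilege level.
    return bool(decode(cookie).get("admin"))


def issue_signed(username):
    # Hardened issue path: only the identity goes in the cookie, bound to an HMAC tag.
    body = encode({"username": username})
    tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def is_admin_hardened(cookie):
    body, sep, tag = cookie.rpartition(".")
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    # Verify integrity BEFORE deserialising; compare in constant time on bytes.
    if not sep or not hmac.compare_digest(tag.encode(), expected.encode()):
        return False
    username = decode(body).get("username")
    # The role comes from server-side state, never from the cookie contents.
    return SERVER_ROLES.get(username) == "admin"


if __name__ == "__main__":
    edited = encode({"username": "alice", "admin": True})  # constructed sample
    print("weak check accepts edited cookie:    ", is_admin_weak(edited))
    print("hardened check accepts edited cookie:", is_admin_hardened(edited))
    print("hardened check, genuine admin cookie:", is_admin_hardened(issue_signed("root")))
```
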
Privilege Escalation via Insecure Deserialization | NatokHD