Burp Suite User Forum


having Difficulties in solving lab

Nikhil | Last updated: Jul 09, 2020 03:28PM UTC

I am trying to solve this lab: "Lab: Developing a custom gadget chain for Java deserialization". When I am trying to serialise the Java cookie I am using your GitHub Main.java in repl.it, but I am getting an error.

Input:-

import data.productcatalog.ProductTemplate;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Base64;

class Main {
    public static void main(String[] args) throws Exception {
        ProductTemplate originalObject = new ProductTemplate("id=1'");
        String serializedObject = serialize(originalObject);
        System.out.println("Serialized object: " + serializedObject);
        ProductTemplate deserializedObject = deserialize(serializedObject);
        System.out.println("Deserialized object ID: " + deserializedObject.getId());
    }

    private static String serialize(Serializable obj) throws Exception {
        ByteArrayOutputStream baos = new ByteArrayOutputStream(512);
        try (ObjectOutputStream out = new ObjectOutputStream(baos)) {
            out.writeObject(obj);
        }
        return Base64.getEncoder().encodeToString(baos.toByteArray());
    }

    private static <T> T deserialize(String base64SerializedObj) throws Exception {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(Base64.getDecoder().decode(base64SerializedObj)))) {
            @SuppressWarnings("unchecked")
            T obj = (T) in.readObject();
            return obj;
        }
    }
}

Output:-

import data.productcatalog.ProductTemplate;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Base64;

class Main {
    public static void main(String[] args) throws Exception {
        ProductTemplate originalObject = new ProductTemplate("id=1'");
        String serializedObject = serialize(originalObject);
        System.out.println("Serialized object: " + serializedObject);
        ProductTemplate deserializedObject = deserialize(serializedObject);
        System.out.println("Deserialized object ID: " + deserializedObject.getId());
    }

    private static String serialize(Serializable obj) throws Exception {
        ByteArrayOutputStream baos = new ByteArrayOutputStream(512);
        try (ObjectOutputStream out = new ObjectOutputStream(baos)) {
            out.writeObject(obj);
        }
        return Base64.getEncoder().encodeToString(baos.toByteArray());
    }

    private static <T> T deserialize(String base64SerializedObj) throws Exception {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(Base64.getDecoder().decode(base64SerializedObj)))) {
            @SuppressWarnings("unchecked")
            T obj = (T) in.readObject();
            return obj;
        }
    }
}

What should be done to solve this? I am stuck here. Please clarify my doubt.

Hannah, PortSwigger Agent | Last updated: Jul 10, 2020 08:57AM UTC

Hi. I have input the serialization-examples-master/java/solution folder contents into repl.it, and changed the "new ProductTemplate" to match your "id=1" and have not got the same output as you. Instead, I got the following output:

> javac -classpath .:/run_dir/junit-4.12.jar:target/dependency/* -d . Main.java data/productcatalog/Product.java data/productcatalog/ProductTemplate.java
> java -classpath .:/run_dir/junit-4.12.jar:target/dependency/* Main
Serialized object: rO0ABXNyACNkYXRhLnByb2R1Y3RjYXRhbG9nLlByb2R1Y3RUZW1wbGF0ZQAAAAAAAAABAgABTAACaWR0ABJMamF2YS9sYW5nL1N0cmluZzt4cHQABGlkPTE=
Deserialized object ID: id=1
>

Nikhil | Last updated: Jul 10, 2020 10:20AM UTC

Can you send me your code with id=1? Because I am getting the same error with id=1.

Hannah, PortSwigger Agent | Last updated: Jul 10, 2020 10:29AM UTC

Here is the link to the repl.it program: https://repl.it/repls/FreshClearcutPresses#Main.java All I've done is copy the contents of the solution folder into it, and changed "your-payload-here" to "id=1" and run the program.

Nikhil | Last updated: Jul 10, 2020 10:53AM UTC

Yeah, it worked. Thanks Hannah for helping me out.

mouft | Last updated: Dec 01, 2020 04:03AM UTC

Hi, hope you are doing well. So I have this problem, can someone explain it to me please?

javac -classpath .:/run_dir/junit-4.12.jar:target/dependency/* -d . Main.java
Main.java:1: error: package data.productcatalog does not exist
import data.productcatalog.ProductTemplate;
                          ^
Main.java:11: error: cannot find symbol
ProductTemplate originalObject = new ProductTemplate("id=1");
^
  symbol:   class ProductTemplate
  location: class Main
Main.java:11: error: cannot find symbol
ProductTemplate originalObject = new ProductTemplate("id=1");
                                     ^
  symbol:   class ProductTemplate
  location: class Main
Main.java:17: error: cannot find symbol
ProductTemplate deserializedObject = deserialize(serializedObject);
^
  symbol:   class ProductTemplate
  location: class Main
4 errors

Hannah, PortSwigger Agent | Last updated: Dec 01, 2020 09:03AM UTC

Hi. Have you included the data folder in your download and compile? It looks like your errors are saying that it hasn't been included.

mouft | Last updated: Dec 01, 2020 09:46PM UTC

OMG, I'm an idiot, thank you so much!

uniform | Last updated: Jan 08, 2021 09:01PM UTC

Hi everyone. Not sure what's going on, but I'm getting the following error: 'org.apache.commons.lang3.SerializationException: java.lang.ClassNotFoundException: ProductTemplate'. Aren't we expected to create an object of type ProductTemplate to solve the lab? Let me know what you think about it. Thanks.

uniform | Last updated: Jan 08, 2021 09:03PM UTC

To clarify for the post above, I was able to successfully create the object on client side and received the error from the application after it must have deserialized.

Hannah, PortSwigger Agent | Last updated: Jan 11, 2021 01:20PM UTC

Have you tried following along with a video solution instead of the written one? This is a good example: https://youtu.be/uqPrrzydKdg

Gian | Last updated: Jan 11, 2024 10:37PM UTC

Hello! How is it going? I have the same problem: java.lang.ClassNotFoundException: data.ProductTemplate. I don't know what to do. I updated Java on my OS via the binary, and also with the update-alternatives command. In the terminal it returns the serialized object fine, and in the IDE too; the issue is that when I put the payload in the cookie it returns the exception mentioned above: java.lang.ClassNotFoundException: data.ProductTemplate. Could someone help me with this please? I have been stuck for a couple of hours.

Hannah, PortSwigger Agent | Last updated: Jan 15, 2024 11:40AM UTC

Hi

It seems like you're not compiling the code correctly.

Have you included the "data/productcatalog" directory?

If not, you could provide the classes after the Main class.

This would look like this at the bottom of Main.java:

// Stand-in for data.productcatalog.Product. It is only referenced through a
// transient field, so it never appears in the serialized stream.
class Product {}

// The stream records the fully qualified class name, so for the application
// to load this class Main.java must also declare "package data.productcatalog;"
// at the top (all classes in one source file share its package).
class ProductTemplate implements Serializable
{
    // Must equal the serialVersionUID of the application's own class;
    // otherwise deserialization fails with InvalidClassException.
    private static final long serialVersionUID = 1L;

    private final String id;
    private transient Product product;

    public ProductTemplate(String id)
    {
        this.id = id;
    }

    public String getId() {
        return id;
    }
}
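An added diagnostic for the ClassNotFoundException posts above; it is not part of this thread or of PortSwigger's solution code. A Java serialization stream records the fully qualified name of the class it was written from, so decoding Hannah's base64 value shows exactly which name the application will try to load. It is written in Python so it runs without the lab's classes; the expected name "data.productcatalog.ProductTemplate" is taken from Hannah's compile output.

```python
import base64
import struct

# Hannah's serialized ProductTemplate from this thread: a Java serialization
# stream for the payload "id=1", base64-encoded the way the lab's cookie is.
SAMPLE_B64 = ("rO0ABXNyACNkYXRhLnByb2R1Y3RjYXRhbG9nLlByb2R1Y3RUZW1wbGF0ZQAAAAAAAAABAgABTAAC"
              "aWR0ABJMamF2YS9sYW5nL1N0cmluZzt4cHQABGlkPTE=")

TC_OBJECT, TC_CLASSDESC, TC_STRING = 0x73, 0x72, 0x74


def _read_utf(buf, pos):
    """Java writeUTF layout: 2-byte big-endian length, then the bytes."""
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n].decode("utf-8"), pos + 2 + n


def describe_class(stream):
    """Return (class name, serialVersionUID, [field names]) of the top-level object.
    Accepts the base64 cookie value or raw bytes; only the first class descriptor
    is parsed, which is the name the receiving JVM will try to load."""
    buf = base64.b64decode(stream) if isinstance(stream, str) else stream
    if buf[:4] != b"\xac\xed\x00\x05":
        raise ValueError("not a Java serialization stream (bad magic/version)")
    if buf[4] != TC_OBJECT or buf[5] != TC_CLASSDESC:
        raise ValueError("stream does not start with an object carrying a class descriptor")
    name, pos = _read_utf(buf, 6)
    (suid,) = struct.unpack_from(">q", buf, pos)
    pos += 8 + 1  # serialVersionUID, then one byte of classDescFlags
    (nfields,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    fields = []
    for _ in range(nfields):
        typecode = chr(buf[pos])
        fname, pos = _read_utf(buf, pos + 1)
        if typecode in "L[":  # object/array fields are followed by a type string
            if buf[pos] == TC_STRING:
                _, pos = _read_utf(buf, pos + 1)
            else:  # TC_REFERENCE: tag byte plus a 4-byte handle
                pos += 5
        fields.append(fname)
    return name, suid, fields


def check_matches(stream, expected="data.productcatalog.ProductTemplate"):
    """Report whether the name embedded in the stream is the one the app loads."""
    name, _, _ = describe_class(stream)
    if name == expected:
        return "ok: stream names " + name
    return "mismatch: stream names %r, application loads %r" % (name, expected)
```

Running `check_matches` on a cookie produced from a ProductTemplate declared without its package reports the mismatch, which is the situation behind the "ClassNotFoundException: ProductTemplate" and "data.ProductTemplate" errors in this thread.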
