Question

This chapter has already described how insecure deserialization bugs often result in remote code execution, granting the attacker a wide range of capabilities with which to impact the application. For that reason, deserialization bugs are valuable and impactful vulnerabilities. Even when RCE isn’t possible, you might be able to achieve an authentication bypass or otherwise meddle with the logic flow of the application.

这一章已经描述了不安全的反序列化漏洞通常会导致远程代码执行，赋予攻击者广泛的能力来影响应用程序。因此，反序列化漏洞是有价值且有影响力的漏洞。即使无法实现远程代码执行，您可能仍能绕过身份验证或以其他方式干扰应用程序的逻辑流程。

However, the impact of insecure deserialization can be limited when the vulnerability relies on an obscure point of entry, or requires a certain level of application privilege to exploit, or if the vulnerable function isn’t available to unauthenticated users.

然而，当漏洞依赖于一个模糊的入口点，或需要一定级别的应用权限才能利用，或者易受攻击的功能不对未经认证的用户可用时，不安全反序列化的影响可以得到限制。

When escalating deserialization flaws, take the scope and rules of the bounty program into account. Deserialization vulnerabilities can be dangerous, so make sure you don’t cause damage to the target application when trying to manipulate program logic or execute arbitrary code. Read Chapter 18 for tips on how to create safe PoCs for an RCE.

在升级反序列化缺陷时，请考虑赏金计划的范围和规则。反序列化漏洞可能很危险，因此在尝试操纵程序逻辑或执行任意代码时，请确保不会对目标应用程序造成损害。阅读第 18 章，获取有关如何创建安全 PoC 进行 RCE 的提示。