Attacking Java RMI via SSRF

Over the last couple of years, SSRF vulnerabilities have become more and more popular, and several high-impact vulnerabilities have been identified. Possible targets in the backend range from HTTP-based services like Solr, through cloud metadata services, to more exotic targets like Redis databases. In this blog post we discuss the SSRFibility of Java RMI and demonstrate how RMI services can be targeted via SSRF.

The SSRFibility of Java RMI

Java RMI is an object-oriented RPC (Remote Procedure Call) mechanism that is available by default in most Java installations....
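To make concrete what "object-oriented RPC" means here, the following is an added, self-contained Java example (not code from the blog post or its author) that exports a remote object, registers it in an RMI registry and calls it through the registry from a client. The registry is an ordinary TCP listener (port 1099 is the conventional default, chosen here as an assumption), and a client reaches a remote object by name lookup over that socket; this plain-TCP surface is what the post goes on to target via SSRF. The interface name `Greeter` and binding name `greeter` are made up for the example.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;

public class RmiDemo {

    // The remote interface. Every method declares RemoteException because
    // each call crosses a network boundary (serialized request/response).
    public interface Greeter extends Remote {
        String greet(String name) throws RemoteException;
    }

    // Server-side implementation of the remote object (hypothetical).
    static class GreeterImpl implements Greeter {
        @Override
        public String greet(String name) throws RemoteException {
            return "Hello, " + name;
        }
    }

    public static void main(String[] args) throws Exception {
        int port = 1099; // default RMI registry port (assumption for the demo)

        // 1. Export the object: the JVM opens a listening TCP endpoint for it
        //    and returns a stub that encodes host, port and object identifier.
        GreeterImpl impl = new GreeterImpl();
        Greeter stub = (Greeter) UnicastRemoteObject.exportObject(impl, 0);

        // 2. Start a registry in-process and bind the stub under a name.
        //    The registry itself is a remote object listening on `port`.
        Registry registry = LocateRegistry.createRegistry(port);
        registry.rebind("greeter", stub);

        // 3. Client side: connect to the registry over TCP, look the name up,
        //    and invoke the method through the returned stub.
        Registry client = LocateRegistry.getRegistry("localhost", port);
        Greeter remote = (Greeter) client.lookup("greeter");
        System.out.println(remote.greet("world"));

        // 4. Unexport everything so the JVM can exit.
        registry.unbind("greeter");
        UnicastRemoteObject.unexportObject(impl, true);
        UnicastRemoteObject.unexportObject(registry, true);
    }
}
```

Compile and run with `javac RmiDemo.java && java RmiDemo`; it prints `Hello, world`. The point for the rest of the post is step 3: the client never speaks HTTP, it opens a raw socket to the registry port, so an SSRF that can only emit HTTP requests is not enough, while one that can deliver arbitrary bytes to an internal host and port can reach this service.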

December 30, 2021 · 23 min · Tobias Neitzel