Skip to main content

16. Which vulnerabilities do you typically use for initial compromise (“scoring a hit”)?

Priority

Java deserialisation vulnerabilities such as Shiro, Fastjson, WebLogic, and Yonyou OA, because Java web applications often run with high privileges by default. Afterwards, other fragile, easily exploitable points are sought.