JDBC RCE
This exercise is one of our challenges to help you learn Java Serialisation exploitation
In this exercise, you will learn how to exploit a serialization vulnerability in the Java MySQL connector (version 8.x). The main objective is to create a malicious MySQL server that sends a serialized Java Object payload. This can be achieved by either writing a script to mimic a MySQL server, using a proxy like Cobar, or developing a MySQL extension that responds with a malicious payload.
To generate the payload, you can utilize ysoserial, taking into account that the application includes the commons-collections:3.1 jar. By following the outlined methods, you will understand how to manipulate the MySQL server responses to exploit the deserialization issue in the MySQL JDBC connector.