ASP.NET resource files (.RESX) and deserialization issues

Article’s PDF version: https://soroush.secproject.com/downloadable/aspnet_resource_files_resx_deserialization_issues.pdf I have recently published a blog post via NCC Group’s website about the deserialization issue by abusing the ASP.NET resource files (.resx and .resources extensions). A number of products were exploited and some file uploaders can also be vulnerable to this type of attack. The full article can be viewed in […]