← All Challenges
Challenge 37 of 66
Object Breaker
🟠 Hard
Injection
+100 XP
A Java application deserializes user-supplied objects. Craft a malicious serialized object to achieve remote code execution.
The app uses Apache Commons Collections. Look for known gadget chains.