Beispiel #1
 /// <summary>
 /// Constructs one instance of each framework type listed below, in the order shown,
 /// and discards every instance. None of the four parameters is read and nothing is returned.
 /// </summary>
 /// <remarks>
 /// The ObjectStateFormatter is only constructed here; no data is serialized or
 /// deserialized through it in this method.
 /// </remarks>
 static void diuFIhx(System.Runtime.InteropServices.SEHException Ckwi, System.Web.UI.WebControls.FormViewPageEventHandler pmXXulx, System.Web.ProcessInfo UXOnKIG, System.Windows.Forms.DataGridViewAutoSizeColumnModeEventArgs OcXocf)
 {
     // Web UI converter, authentication module and view-state formatter.
     var fontUnitConverter = new System.Web.UI.WebControls.FontUnitConverter();
     var defaultAuthModule = new System.Web.Security.DefaultAuthenticationModule();
     var stateFormatter = new System.Web.UI.ObjectStateFormatter();

     // Schema importer and CodeDom throw statement.
     var realSchemaImporter = new System.Data.SqlTypes.TypeRealSchemaImporterExtension();
     var throwStatement = new System.CodeDom.CodeThrowExceptionStatement();

     // Controls, exceptions and an OLE DB enumerator.
     var tableRow = new System.Web.UI.WebControls.TableRow();
     var typeInitFailure = new System.TypeInitializationException("DnJvbUmEBb", new System.Exception());
     var hotSpots = new System.Web.UI.WebControls.HotSpotCollection();
     var htmlMeta = new System.Web.UI.HtmlControls.HtmlMeta();
     var threadStateFailure = new System.Threading.ThreadStateException();
     var oleDbEnumerator = new System.Data.OleDb.OleDbEnumerator();
     var sehFailure = new System.Runtime.InteropServices.SEHException("lwdiEhLZzaWCQz");
     var xmlDataSource = new System.Web.UI.WebControls.XmlDataSource();

     // Personalization, SMTP configuration, CodeDom and content placeholders.
     var personalization = new System.Web.UI.WebControls.WebParts.PersonalizationDictionary();
     var pickupDirectory = new System.Net.Configuration.SmtpSpecifiedPickupDirectoryElement();
     var iterationStatement = new System.CodeDom.CodeIterationStatement();
     var contentControl = new System.Web.UI.WebControls.Content();

     // Remaining exception, namespace, evidence and event-args instances.
     var missingSatellite = new System.Resources.MissingSatelliteAssemblyException("MVTEvazwfl", new System.Exception());
     var codeNamespace = new System.CodeDom.CodeNamespace("CBDlENnQEYaGMNaJF");
     var publisherEvidence = new System.Security.Policy.Publisher(new System.Security.Cryptography.X509Certificates.X509Certificate());
     var linkClicked = new System.Windows.Forms.LinkClickedEventArgs("cxLJ");
     var formViewUpdated = new System.Web.UI.WebControls.FormViewUpdatedEventArgs(497644070, new System.Exception());
     var xhtmlConformance = new System.Web.Configuration.XhtmlConformanceSection();
 }
Beispiel #2
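        /// <summary>
        /// Serializes <paramref name="obj"/> with <c>System.Web.UI.ObjectStateFormatter</c> and writes
        /// the result to <paramref name="file"/>, replacing any existing file (<c>FileMode.Create</c>).
        /// </summary>
        /// <param name="file">Path of the file to create or overwrite. Opened with <c>FileShare.None</c>.</param>
        /// <param name="obj">Object graph handed to the formatter.</param>
        /// <remarks>
        /// Nothing in this method signs or encrypts the output. Anyone who can later modify the file
        /// controls what a subsequent ObjectStateFormatter.Deserialize call reconstructs, so the file
        /// should live where only the writing application has write access.
        /// </remarks>
        public static void SerializeObjectToFile_osf(string file, object obj)
        {
            IFormatter formatter = new System.Web.UI.ObjectStateFormatter();

            // The using block releases the exclusive file handle even when Serialize throws;
            // a trailing Close() call is skipped on that path and would leave the file locked.
            using (Stream stream = new FileStream(file, FileMode.Create, FileAccess.Write, FileShare.None))
            {
                formatter.Serialize(stream, obj);
            }
        }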
Beispiel #3
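        /// <summary>
        /// Opens <paramref name="file"/> for exclusive reading and returns the object that
        /// <c>System.Web.UI.ObjectStateFormatter</c> reconstructs from its contents.
        /// </summary>
        /// <param name="file">Path of an existing file (<c>FileMode.Open</c>).</param>
        /// <returns>The deserialized object, typed as <see cref="object"/>.</returns>
        /// <remarks>
        /// SECURITY: ObjectStateFormatter is not a data-only format. For types it does not encode
        /// natively it falls back to BinaryFormatter, so the file content decides which types are
        /// instantiated. This method performs no integrity check on the file. Call it only on files
        /// the application wrote itself and that no less-trusted party can modify. For data that
        /// crosses a trust boundary, use a serializer bound to a fixed set of expected types.
        /// </remarks>
        public static object DeserializeObjectFromFile_osf(string file)
        {
            IFormatter formatter = new System.Web.UI.ObjectStateFormatter();

            // The using block releases the exclusive file handle even when Deserialize throws;
            // a trailing Close() call is skipped on that path and would leave the file locked.
            using (Stream stream = new FileStream(file, FileMode.Open, FileAccess.Read, FileShare.None))
            {
                return formatter.Deserialize(stream);
            }
        }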
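        /// <summary>
        /// Feeds <paramref name="payload"/> to the formatter named by <paramref name="method"/>
        /// and discards the result. Recognised names (case-insensitive) are "binaryformatter",
        /// "objectstateformatter", "soapformatter" and "losformatter"; any other name prints
        /// "Not supported".
        /// </summary>
        /// <param name="payload">Serialized bytes to deserialize.</param>
        /// <param name="method">Name of the formatter to use.</param>
        /// <remarks>
        /// SECURITY: all four formatters instantiate the types described by their input, so
        /// deserializing is equivalent to running whatever the payload describes. This is a test
        /// harness: run it only in a disposable, isolated environment and never expose it to
        /// input from an untrusted party.
        /// TargetInvocationException and ArgumentException are swallowed on purpose; the original
        /// author notes that an inner InvalidCastException is expected. A null payload also lands
        /// in the ArgumentException handler, because MemoryStream rejects it with ArgumentNullException.
        /// </remarks>
        static void testPayload(byte[] payload, string method)
        {
            try
            {
                // The formatter name is an identifier, not display text, so it is lower-cased with
                // the invariant culture; ToLower() would depend on the current thread culture.
                switch (method.ToLowerInvariant())
                {
                case "binaryformatter":
                    System.Runtime.Serialization.Formatters.Binary.BinaryFormatter bf = new System.Runtime.Serialization.Formatters.Binary.BinaryFormatter();
                    using (System.IO.MemoryStream input = new System.IO.MemoryStream(payload))
                    {
                        bf.Deserialize(input);
                    }
                    break;

                case "objectstateformatter":
                    System.Web.UI.ObjectStateFormatter osf = new System.Web.UI.ObjectStateFormatter();
                    using (System.IO.MemoryStream input = new System.IO.MemoryStream(payload))
                    {
                        osf.Deserialize(input);
                    }
                    break;

                case "soapformatter":
                    System.Runtime.Serialization.Formatters.Soap.SoapFormatter sf = new System.Runtime.Serialization.Formatters.Soap.SoapFormatter();
                    using (System.IO.MemoryStream input = new System.IO.MemoryStream(payload))
                    {
                        sf.Deserialize(input);
                    }
                    break;

                case "losformatter":
                    System.Web.UI.LosFormatter lf = new System.Web.UI.LosFormatter();
                    using (System.IO.MemoryStream input = new System.IO.MemoryStream(payload))
                    {
                        lf.Deserialize(input);
                    }
                    break;

                default:
                    Console.WriteLine("Not supported");
                    break;
                }
            }
            catch (System.Reflection.TargetInvocationException)
            {
                // Internal InvalidCastException is expected
            }
            catch (ArgumentException)
            {
                // Internal InvalidCastException is expected
            }
        }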
Beispiel #5
        /// <summary>
        /// Collection of deserialization call sites, grouped under the author's "Unsafe N" tags.
        /// No result is used: <c>data</c> and the final <c>serializeSettings</c> are never read.
        /// </summary>
        /// <param name="json">Text passed to <c>JsonConvert.DeserializeObject</c>.</param>
        /// <param name="param">Value assigned to <c>TypeNameHandling</c> in one of the settings objects.</param>
        /// <remarks>
        /// NOTE(review): this reads like a fixture for a static-analysis rule set rather than code
        /// meant to run; for example, ReadObject is called on a null XmlObjectSerializer. Confirm
        /// before rewriting. InsecureDeserialize, Model and GetHandling are declared outside this listing.
        /// </remarks>
        static void Method(string json, TypeNameHandling param)
        {
            // Json.NET: any TypeNameHandling value other than None makes the deserializer honour
            // "$type" in the input, so the JSON text can name the type to instantiate.
            // Defensive code keeps None, or pairs a non-None value with a restrictive binder.
            //Unsafe 2
            var data = JsonConvert.DeserializeObject <Model>(json, new JsonSerializerSettings
            {
                TypeNameHandling = TypeNameHandling.Objects
            });
            var serializeSettings = new JsonSerializerSettings();

            // Further ways a non-None value can reach the setting: enum literal, numeric cast
            // (2 is TypeNameHandling.Arrays), caller-supplied parameter, and a helper's return value.
            serializeSettings.TypeNameHandling = TypeNameHandling.All;
            serializeSettings.TypeNameHandling = (TypeNameHandling)2;
            serializeSettings = new JsonSerializerSettings
            {
                TypeNameHandling = param
            };
            serializeSettings.TypeNameHandling = GetHandling("");

            // System.Messaging formatter that deserializes the message body with BinaryFormatter.
            // Unsafe 5
            BinaryMessageFormatter binaryMessage = new System.Messaging.BinaryMessageFormatter();

            binaryMessage.Read(new Message());


            // ObjectStateFormatter: both the string overload and the stream overload are listed.
            // Unsafe 7
            System.Web.UI.ObjectStateFormatter formatter = new System.Web.UI.ObjectStateFormatter();
            formatter.Deserialize("");
            formatter.Deserialize(new MemoryStream());

            // The receiver is null, so this call would throw NullReferenceException if executed;
            // the tagged item is the ReadObject call site on the abstract XmlObjectSerializer.
            // Unsafe 8
            XmlObjectSerializer xmlObjectSerializer = null;

            xmlObjectSerializer.ReadObject(new MemoryStream());

            // DataContractJsonSerializer with the root type fixed to typeof(InsecureDeserialize);
            // the stream, XmlDictionaryReader and XmlReader overloads of ReadObject are each listed.
            // NOTE(review): with a fixed root type the exposure depends on that type's graph and
            // known types — confirm what the rule intends to flag.
            // Unsafe 11
            DataContractJsonSerializer dataContractJsonSerializer = new DataContractJsonSerializer(typeof(InsecureDeserialize));

            dataContractJsonSerializer.ReadObject(new MemoryStream());
            dataContractJsonSerializer.ReadObject(XmlDictionaryReader.Create(""));
            dataContractJsonSerializer.ReadObject(XmlDictionaryReader.Create(""), false);
            dataContractJsonSerializer.ReadObject(XmlReader.Create(""));
            dataContractJsonSerializer.ReadObject(XmlReader.Create(""), false);

            // XmlSerializer with the root type fixed to typeof(InsecureDeserialize); six Deserialize
            // overloads are listed (stream, TextReader, XmlReader with and without encoding style/events).
            // Unsafe 12
            XmlSerializer xmlSerializer = new XmlSerializer(typeof(InsecureDeserialize));

            xmlSerializer.Deserialize(new MemoryStream());
            xmlSerializer.Deserialize(TextReader.Null);
            xmlSerializer.Deserialize(XmlReader.Create(""));
            xmlSerializer.Deserialize(XmlReader.Create(""), "\"");
            xmlSerializer.Deserialize(XmlReader.Create(""), new System.Xml.Serialization.XmlDeserializationEvents());
            xmlSerializer.Deserialize(XmlReader.Create(""), "\"", new System.Xml.Serialization.XmlDeserializationEvents());

            // XmlMessageFormatter constructed with no target types, then used to read a message.
            // Unsafe 13
            System.Messaging.XmlMessageFormatter xmlMessageFormatter = new XmlMessageFormatter();
            xmlMessageFormatter.Read(new System.Messaging.Message());

            // ResourceReader: both constructors (file name and stream) are listed.
            // presumably tagged because .resources data can carry serialized objects — confirm.
            // Unsafe 14
            System.Resources.ResourceReader resourceReader = new System.Resources.ResourceReader("");
            resourceReader = new System.Resources.ResourceReader(new MemoryStream());

            // fastJSON entry point that builds an object from JSON text.
            // Unsafe 15
            fastJSON.JSON.ToObject("");

            // ServiceStack.Text: four serializers (Json, Type, Csv, Xml), each called with
            // string, reader and stream input.
            // Unsafe 16
            ServiceStack.Text.JsonSerializer.DeserializeFromString("", typeof(InsecureDeserialize));
            ServiceStack.Text.JsonSerializer.DeserializeFromReader(TextReader.Null, typeof(InsecureDeserialize));
            ServiceStack.Text.JsonSerializer.DeserializeFromStream(typeof(InsecureDeserialize), new MemoryStream());

            ServiceStack.Text.TypeSerializer.DeserializeFromString("", typeof(InsecureDeserialize));
            ServiceStack.Text.TypeSerializer.DeserializeFromReader(TextReader.Null, typeof(InsecureDeserialize));
            ServiceStack.Text.TypeSerializer.DeserializeFromStream(typeof(InsecureDeserialize), new MemoryStream());

            ServiceStack.Text.CsvSerializer.DeserializeFromString(typeof(InsecureDeserialize), "");
            ServiceStack.Text.CsvSerializer.DeserializeFromReader <InsecureDeserialize>(TextReader.Null);
            ServiceStack.Text.CsvSerializer.DeserializeFromStream(typeof(InsecureDeserialize), new MemoryStream());

            ServiceStack.Text.XmlSerializer.DeserializeFromString("", typeof(InsecureDeserialize));
            ServiceStack.Text.XmlSerializer.DeserializeFromReader <InsecureDeserialize>(TextReader.Null);
            ServiceStack.Text.XmlSerializer.DeserializeFromStream(typeof(InsecureDeserialize), new MemoryStream());
        }
Beispiel #6
        /// <summary>
        /// Creates a <c>System.Web.UI.ObjectStateFormatter</c> and asks it to deserialize a newly
        /// created, empty <see cref="MemoryStream"/>. The result is discarded.
        /// </summary>
        /// <remarks>
        /// The stream overload of Deserialize is the call of interest: in real code its input
        /// decides which types are instantiated, so it must only ever receive trusted data.
        /// </remarks>
        public void ObjectStateFormatter()
        {
            System.Web.UI.ObjectStateFormatter osf = new System.Web.UI.ObjectStateFormatter();
            MemoryStream emptyInput = new MemoryStream();

            osf.Deserialize(emptyInput);
        }