/// <summary>
/// Constructs a fixed sequence of unrelated framework objects and discards every one of them.
/// </summary>
/// <param name="Ckwi">Not read by the body.</param>
/// <param name="pmXXulx">Not read by the body.</param>
/// <param name="UXOnKIG">Not read by the body.</param>
/// <param name="OcXocf">Not read by the body.</param>
/// <remarks>
/// Nothing is returned and no local is used after it is created, so the only possible
/// effects are those of the constructors themselves. The construction order of the
/// original is kept.
/// NOTE(review): the random identifiers and unused locals look like machine-generated
/// filler - confirm where this method comes from before keeping it in a code base.
/// </remarks>
static void diuFIhx(System.Runtime.InteropServices.SEHException Ckwi, System.Web.UI.WebControls.FormViewPageEventHandler pmXXulx, System.Web.ProcessInfo UXOnKIG, System.Windows.Forms.DataGridViewAutoSizeColumnModeEventArgs OcXocf)
{
    var fontUnitConverter = new System.Web.UI.WebControls.FontUnitConverter();
    var authModule = new System.Web.Security.DefaultAuthenticationModule();
    // Created but never handed any data: no (de)serialization happens in this method.
    var stateFormatter = new System.Web.UI.ObjectStateFormatter();
    var realSchemaImporter = new System.Data.SqlTypes.TypeRealSchemaImporterExtension();
    var throwStatement = new System.CodeDom.CodeThrowExceptionStatement();
    var tableRow = new System.Web.UI.WebControls.TableRow();
    var typeInitError = new System.TypeInitializationException("DnJvbUmEBb", new System.Exception());
    var hotSpots = new System.Web.UI.WebControls.HotSpotCollection();
    var metaTag = new System.Web.UI.HtmlControls.HtmlMeta();
    var threadStateError = new System.Threading.ThreadStateException();
    var oleDbEnumerator = new System.Data.OleDb.OleDbEnumerator();
    var sehError = new System.Runtime.InteropServices.SEHException("lwdiEhLZzaWCQz");
    var xmlDataSource = new System.Web.UI.WebControls.XmlDataSource();
    var personalization = new System.Web.UI.WebControls.WebParts.PersonalizationDictionary();
    var pickupDirectory = new System.Net.Configuration.SmtpSpecifiedPickupDirectoryElement();
    var iterationStatement = new System.CodeDom.CodeIterationStatement();
    var contentControl = new System.Web.UI.WebControls.Content();
    var missingSatelliteError = new System.Resources.MissingSatelliteAssemblyException("MVTEvazwfl", new System.Exception());
    var codeNamespace = new System.CodeDom.CodeNamespace("CBDlENnQEYaGMNaJF");
    var publisherEvidence = new System.Security.Policy.Publisher(new System.Security.Cryptography.X509Certificates.X509Certificate());
    var linkClicked = new System.Windows.Forms.LinkClickedEventArgs("cxLJ");
    var formViewUpdated = new System.Web.UI.WebControls.FormViewUpdatedEventArgs(497644070, new System.Exception());
    var xhtmlConformance = new System.Web.Configuration.XhtmlConformanceSection();
}
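/// <summary>
/// Serializes <paramref name="obj"/> with <see cref="System.Web.UI.ObjectStateFormatter"/>
/// and writes the result to <paramref name="file"/>.
/// </summary>
/// <param name="file">Path of the output file; FileMode.Create replaces an existing file.</param>
/// <param name="obj">Object graph to serialize.</param>
/// <remarks>
/// The file is written in ObjectStateFormatter format with no signature or MAC added here.
/// Anything that later deserializes it has to treat the file as trusted input, so it should
/// live somewhere only trusted principals can write.
/// </remarks>
public static void SerializeObjectToFile_osf(string file, object obj)
{
    IFormatter formatter = new System.Web.UI.ObjectStateFormatter();

    // The file is opened with FileShare.None. Without the using block an exception from
    // Serialize would skip Close() and leave the file locked until the handle is finalized.
    using (Stream stream = new FileStream(file, FileMode.Create, FileAccess.Write, FileShare.None))
    {
        formatter.Serialize(stream, obj);
    }
}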
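/// <summary>
/// Reads <paramref name="file"/> and deserializes its contents with
/// <see cref="System.Web.UI.ObjectStateFormatter"/>.
/// </summary>
/// <param name="file">Path of an existing file holding ObjectStateFormatter output.</param>
/// <returns>The object graph produced by the formatter.</returns>
/// <remarks>
/// SECURITY: ObjectStateFormatter can fall back to BinaryFormatter for types it does not
/// encode natively, so the data decides which types get instantiated. Nothing in this method
/// authenticates the file before it is deserialized. Call it only for files whose origin and
/// integrity are trusted; for data that crosses a trust boundary, verify a MAC or signature
/// first or use a data-only serializer with a fixed expected type.
/// </remarks>
public static object DeserializeObjectFromFile_osf(string file)
{
    IFormatter formatter = new System.Web.UI.ObjectStateFormatter();

    // The file is opened with FileShare.None. Without the using block an exception from
    // Deserialize would skip Close() and leave the file locked until the handle is finalized.
    using (Stream stream = new FileStream(file, FileMode.Open, FileAccess.Read, FileShare.None))
    {
        return formatter.Deserialize(stream);
    }
}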
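/// <summary>
/// Hands <paramref name="payload"/> to the deserializer selected by <paramref name="method"/>
/// and discards whatever object comes back.
/// </summary>
/// <param name="payload">Serialized bytes, passed unchanged to the chosen formatter.</param>
/// <param name="method">
/// Formatter name, matched case-insensitively: "binaryformatter", "objectstateformatter",
/// "soapformatter" or "losformatter". Any other value prints "Not supported".
/// </param>
/// <remarks>
/// SECURITY: each of these formatters instantiates the types named inside the data, so
/// whatever the payload encodes is executed in the current process. This is a test harness:
/// run it only on an isolated, disposable host and never route production input through it.
/// Only TargetInvocationException and ArgumentException are swallowed; every other exception
/// propagates to the caller.
/// </remarks>
static void testPayload(byte[] payload, string method)
{
    try
    {
        // Invariant lower-casing: the culture-sensitive ToLower() maps 'I' differently under
        // cultures such as tr-TR, which would make a valid name miss every case label.
        switch (method.ToLowerInvariant())
        {
            case "binaryformatter":
                System.Runtime.Serialization.Formatters.Binary.BinaryFormatter bf = new System.Runtime.Serialization.Formatters.Binary.BinaryFormatter();
                bf.Deserialize(new System.IO.MemoryStream(payload));
                break;

            case "objectstateformatter":
                System.Web.UI.ObjectStateFormatter osf = new System.Web.UI.ObjectStateFormatter();
                osf.Deserialize(new System.IO.MemoryStream(payload));
                break;

            case "soapformatter":
                System.Runtime.Serialization.Formatters.Soap.SoapFormatter sf = new System.Runtime.Serialization.Formatters.Soap.SoapFormatter();
                sf.Deserialize(new System.IO.MemoryStream(payload));
                break;

            case "losformatter":
                System.Web.UI.LosFormatter lf = new System.Web.UI.LosFormatter();
                lf.Deserialize(new System.IO.MemoryStream(payload));
                break;

            default:
                Console.WriteLine("Not supported");
                break;
        }
    }
    catch (System.Reflection.TargetInvocationException)
    {
        // Deliberately ignored: an internal InvalidCastException is expected here.
    }
    catch (ArgumentException)
    {
        // Deliberately ignored as well; the original comment names the same expected
        // internal InvalidCastException for this case.
    }
}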
/// <summary>
/// Catalogue of deserialization calls, grouped under the file's own "Unsafe N" labels.
/// </summary>
/// <param name="json">JSON text passed to the first Json.NET call.</param>
/// <param name="param">TypeNameHandling value assigned to serializer settings without any check.</param>
/// <remarks>
/// NOTE(review): every input is an empty string or empty stream and one receiver is null,
/// so this reads as a fixture for a static-analysis rule rather than code meant to run -
/// confirm against whatever test consumes it. Model, InsecureDeserialize and GetHandling are
/// declared outside this method.
/// </remarks>
static void Method(string json, TypeNameHandling param)
{
    // Unsafe 2 - Json.NET with TypeNameHandling other than None: the "$type" member of the
    // JSON chooses which .NET type is instantiated. The assignments below cover the ways the
    // setting can arrive: enum literal, integer cast ((TypeNameHandling)2 is Arrays), a
    // caller-supplied parameter and a method result.
    // Mitigation: keep TypeNameHandling.None, or pair it with an allow-listing SerializationBinder.
    var data = JsonConvert.DeserializeObject <Model>(json, new JsonSerializerSettings { TypeNameHandling = TypeNameHandling.Objects });
    var serializeSettings = new JsonSerializerSettings();
    serializeSettings.TypeNameHandling = TypeNameHandling.All;
    serializeSettings.TypeNameHandling = (TypeNameHandling)2;
    serializeSettings = new JsonSerializerSettings { TypeNameHandling = param };
    serializeSettings.TypeNameHandling = GetHandling("");

    // Unsafe 5 - BinaryMessageFormatter reads the message body with BinaryFormatter, so a
    // queue that untrusted parties can write to becomes a deserialization input.
    BinaryMessageFormatter binaryMessage = new System.Messaging.BinaryMessageFormatter();
    binaryMessage.Read(new Message());

    // Unsafe 7 - ObjectStateFormatter, string and stream overloads. It can fall back to
    // BinaryFormatter for types it does not encode natively.
    System.Web.UI.ObjectStateFormatter formatter = new System.Web.UI.ObjectStateFormatter();
    formatter.Deserialize("");
    formatter.Deserialize(new MemoryStream());

    // Unsafe 8 - call through the abstract XmlObjectSerializer base type. The receiver is
    // null, so this line would throw NullReferenceException if it were ever executed.
    XmlObjectSerializer xmlObjectSerializer = null;
    xmlObjectSerializer.ReadObject(new MemoryStream());

    // Unsafe 11 - DataContractJsonSerializer.ReadObject, five overloads. The expected type
    // is fixed at compile time here; in practice the risk depends mainly on whether that
    // type (or the known-types list) can be influenced by the sender.
    DataContractJsonSerializer dataContractJsonSerializer = new DataContractJsonSerializer(typeof(InsecureDeserialize));
    dataContractJsonSerializer.ReadObject(new MemoryStream());
    dataContractJsonSerializer.ReadObject(XmlDictionaryReader.Create(""));
    dataContractJsonSerializer.ReadObject(XmlDictionaryReader.Create(""), false);
    dataContractJsonSerializer.ReadObject(XmlReader.Create(""));
    dataContractJsonSerializer.ReadObject(XmlReader.Create(""), false);

    // Unsafe 12 - XmlSerializer.Deserialize, six overloads. Same caveat as above: the
    // serializer is bound to one compile-time type, so exposure hinges on who controls
    // the Type given to the constructor and on what that type's members do when set.
    XmlSerializer xmlSerializer = new XmlSerializer(typeof(InsecureDeserialize));
    xmlSerializer.Deserialize(new MemoryStream());
    xmlSerializer.Deserialize(TextReader.Null);
    xmlSerializer.Deserialize(XmlReader.Create(""));
    xmlSerializer.Deserialize(XmlReader.Create(""), "\"");
    xmlSerializer.Deserialize(XmlReader.Create(""), new System.Xml.Serialization.XmlDeserializationEvents());
    xmlSerializer.Deserialize(XmlReader.Create(""), "\"", new System.Xml.Serialization.XmlDeserializationEvents());

    // Unsafe 13 - XmlMessageFormatter reading a message body.
    System.Messaging.XmlMessageFormatter xmlMessageFormatter = new XmlMessageFormatter();
    xmlMessageFormatter.Read(new System.Messaging.Message());

    // Unsafe 14 - ResourceReader over a file name and over a stream. .resources content can
    // embed serialized objects, so resource files from untrusted sources are risky to open.
    // Only the constructors appear here; no read call follows.
    System.Resources.ResourceReader resourceReader = new System.Resources.ResourceReader("");
    resourceReader = new System.Resources.ResourceReader(new MemoryStream());

    // Unsafe 15 - fastJSON without an explicit target type.
    // NOTE(review): presumably flagged because fastJSON can resolve a type named in the
    // JSON itself - verify against the library version actually referenced.
    fastJSON.JSON.ToObject("");

    // Unsafe 16 - ServiceStack.Text: the Json, Type, Csv and Xml serializers, each through
    // its string, reader and stream entry point.
    ServiceStack.Text.JsonSerializer.DeserializeFromString("", typeof(InsecureDeserialize));
    ServiceStack.Text.JsonSerializer.DeserializeFromReader(TextReader.Null, typeof(InsecureDeserialize));
    ServiceStack.Text.JsonSerializer.DeserializeFromStream(typeof(InsecureDeserialize), new MemoryStream());
    ServiceStack.Text.TypeSerializer.DeserializeFromString("", typeof(InsecureDeserialize));
    ServiceStack.Text.TypeSerializer.DeserializeFromReader(TextReader.Null, typeof(InsecureDeserialize));
    ServiceStack.Text.TypeSerializer.DeserializeFromStream(typeof(InsecureDeserialize), new MemoryStream());
    ServiceStack.Text.CsvSerializer.DeserializeFromString(typeof(InsecureDeserialize), "");
    ServiceStack.Text.CsvSerializer.DeserializeFromReader <InsecureDeserialize>(TextReader.Null);
    ServiceStack.Text.CsvSerializer.DeserializeFromStream(typeof(InsecureDeserialize), new MemoryStream());
    ServiceStack.Text.XmlSerializer.DeserializeFromString("", typeof(InsecureDeserialize));
    ServiceStack.Text.XmlSerializer.DeserializeFromReader <InsecureDeserialize>(TextReader.Null);
    ServiceStack.Text.XmlSerializer.DeserializeFromStream(typeof(InsecureDeserialize), new MemoryStream());
}
/// <summary>
/// Runs <see cref="System.Web.UI.ObjectStateFormatter"/> deserialization over a newly
/// created, empty <see cref="MemoryStream"/> and ignores the result.
/// </summary>
/// <remarks>
/// The method has the same name as the framework type, which is why the type is written
/// fully qualified. ObjectStateFormatter.Deserialize is an unsafe-deserialization sink when
/// it receives untrusted data; the input here is a fixed empty stream.
/// </remarks>
public void ObjectStateFormatter()
{
    System.Web.UI.ObjectStateFormatter stateFormatter = new System.Web.UI.ObjectStateFormatter();
    MemoryStream emptyInput = new MemoryStream();
    stateFormatter.Deserialize(emptyInput);
}