I am trying to understand the CVE-2020-15505 - [RCE on MobileIron MDM]
from some references like: https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html
They all start their exploit by using "POST /mifs/.;/services/LogService". My question is: what is the meaning of this request?
/mifs/ is the webroot of MobileIron.
/services/LogService is the vulnerable endpoint of Hessian Deserialization.
About the /.;/, you can refer to my Breaking Parser Logic research in 2018.
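
An added example, not part of the original posts: a log check for the parser disagreement behind the "/.;/" segment, where a front-end rule compares the raw path while a Java servlet container drops ";parameter" text from each segment and then collapses "." segments. The restricted prefix, the regex and the log lines are assumptions constructed for illustration.

```python
import posixpath
import re

# Assumption: the front end blocks this prefix by comparing the raw request path.
RESTRICTED_PREFIX = "/mifs/services/"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2020:10:00:01 +0000] "GET /mifs/ HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Oct/2020:10:00:05 +0000] "POST /mifs/.;/services/LogService HTTP/1.1" 200 312',
    '192.0.2.10 - - [01/Oct/2020:10:00:09 +0000] "POST /mifs/services/LogService HTTP/1.1" 403 199',
]


def servlet_view(raw_path):
    """Approximate a servlet container's view of a path: drop ';param' text
    from every segment, then collapse '.' and '..'. Percent-decoding is ignored."""
    segments = [seg.split(";", 1)[0] for seg in raw_path.split("/")]
    resolved = posixpath.normpath("/".join(segments))
    if raw_path.endswith("/") and resolved != "/":
        resolved += "/"  # normpath strips the trailing slash; put it back
    return resolved


def is_parser_mismatch(raw_path):
    """True when a raw-string prefix rule misses a path that the back end
    would resolve under the restricted prefix."""
    raw_hit = raw_path.startswith(RESTRICTED_PREFIX)
    resolved_hit = servlet_view(raw_path).startswith(RESTRICTED_PREFIX)
    return resolved_hit and not raw_hit


def scan(log_lines):
    """Return (method, raw path, resolved path) for each mismatching request."""
    findings = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path = match.group("target").split("?", 1)[0]  # ignore the query string
        if is_parser_mismatch(path):
            findings.append((match.group("method"), path, servlet_view(path)))
    return findings


if __name__ == "__main__":
    for method, raw, resolved in scan(SAMPLE_LOG):
        print(f"{method} {raw} resolves to {resolved}")
```

The same comparison can run as a front-end filter: resolve the path the way the back end will, then apply the access rule to the resolved form.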