what does the line "/mifs/.;/services/LogService" mean

3.2k Views Asked by At

I am trying to understand the CVE-2020-15505 - [RCE on MobileIron MDM]

from some references like: https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html

they all start there exploit by using "POST /mifs/.;/services/LogService". my question is, what is the mean of this request?

1

There are 1 best solutions below

0
On

/mifs/ is the webroot of MobileIron
/services/LogService is the vulnerable endpoint of Hessian Deserialization

About the /.;/, you can refer my Breaking Parser Logic research in 2018