Click exploiting_java_serialization.pdf link to view the file.