Dor-Tumarkin/CVE-2019-17564-FastJson-Gadget external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

Dor-Tumarkin/CVE-2019-17564-FastJson-Gadget

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Dor-Tumarkin/CVE-2019-17564-FastJson-Gadget)

Close

Dor-Tumarkin / CVE-2019-17564-FastJson-GadgetView on GitHubMore

• External links
• Readme badge

Basic code for creating the Alibaba FastJson + Spring gadget chain, as used to exploit Apache Dubbo in CVE-2019-17564 - more information available at https://www.checkmarx.com/blog/apache-dubbo-unauthenticated-remote-code-execution-vulnerability

☆16Dec 10, 2022Updated 3 years ago

Alternatives and similar repositories for CVE-2019-17564-FastJson-Gadget

Users that are interested in CVE-2019-17564-FastJson-Gadget are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• BC-SECURITY / DomainPasswordSpray

  View on GitHub
  DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will auto…
  ☆11Sep 2, 2020Updated 5 years ago
• getpanic / code_scan

  View on GitHub
  代码审计关键词扫描工具
  ☆11Apr 29, 2024Updated last year
• incredibleindishell / axis_web_shell

  View on GitHub
  This repo contains Axis web shells
  ☆18Jun 15, 2019Updated 6 years ago
• jas502n / CVE-2020-2551

  View on GitHub
  Weblogic RCE with IIOP
  ☆80Jan 18, 2020Updated 6 years ago
• TomAPU / ThinkPHP-Unserialize-Collection

  View on GitHub
  ThinkPHP各版本反序列化利用代码
  ☆32Aug 13, 2020Updated 5 years ago
• NordVPN Threat Protection Pro™ • Ad
  Take your cybersecurity to the next level. Block phishing, malware, trackers, and ads. Lightweight app that works with all browsers.
• FunnyWolf / execute-assembly

  View on GitHub
  ☆22Jan 7, 2021Updated 5 years ago
• timwhitez / StopDefender

  View on GitHub
  Stop Windows Defender programmatically
  ☆15Jan 17, 2022Updated 4 years ago
• AntSwordProject / AntSword-JSP-Decoder

  View on GitHub
  Jsp Decoder Source Code
  ☆16Mar 23, 2021Updated 5 years ago
• pimps / gopher-tomcat-deployer

  View on GitHub
  Gopher Tomcat Deployer
  ☆48Nov 12, 2018Updated 7 years ago
• BeichenDream / GodzillaMemoryShellProject.NET

  View on GitHub
  ☆96Nov 26, 2022Updated 3 years ago
• iceyhexman / flask_memory_shell

  View on GitHub
  Flask 内存马
  ☆313Mar 26, 2021Updated 5 years ago
• Arlenhiack / ActiveMQ-RCE-Exploit

  View on GitHub
  ActiveMQ RCE (CVE-2023-46604) 回显利用工具
  ☆41Sep 13, 2024Updated last year
• CSUAuroraLab / ACTF2020

  View on GitHub
  repo for ACTF 2020. Challenges, WPs, sources, etc.
  ☆14Dec 9, 2020Updated 5 years ago
• silentsignal / WebSphere-WSIF-gadget

  View on GitHub
  CVE-2020-4464 / CVE-2020-4450
  ☆36Aug 24, 2021Updated 4 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• virink / as_scanwebshell

  View on GitHub
  An AntSword's plugin to scan webshell
  ☆16Sep 2, 2019Updated 6 years ago
• potats0 / AgentMemShellScanner

  View on GitHub
  清除基于java agent木马
  ☆80Apr 12, 2021Updated 4 years ago
• kanadeblisst00 / read_wechat_contacts

  View on GitHub
  读取微信联系人列表，版本（3.9.12.51）
  ☆13Mar 22, 2025Updated last year
• Ruil1n / after-deserialization-attack

  View on GitHub
  Java After-Deserialization Attack
  ☆79Apr 26, 2021Updated 4 years ago
• likeNlong / dll_finder

  View on GitHub
  XXST-白加黑辅助挖掘工具，全程静默运行不影响正常使用
  ☆17Apr 12, 2024Updated last year
• flowerwind / AutoGenerateXalanPayload

  View on GitHub
  cve-2022-34169 延伸出的Jdk Xalan的payload自动生成工具，可根据不同的Jdk生成出其所对应的xslt文件
  ☆93Jan 17, 2023Updated 3 years ago
• lsh4ck / Langzi_SRC_Safe_Cruise

  View on GitHub
  LANGZI_SRC_安全巡航 是一款集成漏扫，验证，资产监控，自动复现并且生成结果表报的工具，实现初衷是为了帮助白帽子在SRC中节约时间成本的自动化工具。
  ☆14Jul 7, 2019Updated 6 years ago
• woodpecker-appstore / tomcat-vuldb

  View on GitHub
  Woodpecker framework Tomcat vulnerability library
  ☆15May 23, 2021Updated 4 years ago
• iSafeBlue / fastjson-autotype-bypass-demo

  View on GitHub
  fastjson 1.2.68 版本 autotype bypass
  ☆142Jun 17, 2022Updated 3 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
• dubfr33 / atlassian-webshell-plugin

  View on GitHub
  Webshell plugin that works on any Atlassian product employing their plugin framework
  ☆27Nov 20, 2017Updated 8 years ago
• yuxiaokui / onethink_rce

  View on GitHub
  ☆11Oct 23, 2019Updated 6 years ago
• Ape1ron / SpringAopInDeserializationDemo1

  View on GitHub
  在spring-aop中新发现的反序列化gadget-chain
  ☆52Jan 12, 2025Updated last year
• keven1z / XXEDemo

  View on GitHub
  收集了java XXE漏洞的demo及修复方式
  ☆19Mar 11, 2024Updated 2 years ago
• l1nk3rlin / CVE-2019-2890

  View on GitHub
  ☆85Dec 6, 2019Updated 6 years ago
• mackleadmire / CVE-2018-3191-Rce-Exploit

  View on GitHub
  ☆17Oct 25, 2018Updated 7 years ago
• TheKingOfDuck / geacon

  View on GitHub
  修改自geacon的多功能linux运维管理工具
  ☆62Apr 2, 2021Updated 4 years ago
• Esonhugh / ingressNightmare-CVE-2025-1974-exps

  View on GitHub
  IngressNightmare POC. world first non-blind remote execution exploitation with multi-advanced exploitation methods. allow on disk exploit…
  ☆92May 6, 2025Updated 10 months ago
• threedr3am / gadgetinspector

  View on GitHub
  一个利用ASM对字节码进行污点传播分析的静态代码审计应用（添加了大量代码注释，适合大家进行源码学习）。也加入了挖掘Fastjson反序列化gadget chains和SQLInject（JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等）静…
  ☆458Mar 24, 2022Updated 4 years ago
• NordVPN Special Discount Offer • Ad
  Save on top-rated NordVPN 1 or 2-year plans with secure browsing, privacy protection, and support for for all major platforms.
• bravery9 / weblogic_exploit

  View on GitHub
  weblogic漏洞利用工具
  ☆17Jul 16, 2020Updated 5 years ago
• YYHYlh / Apache-Dubbo-CVE-2023-23638-exp

  View on GitHub
  Apache Dubbo (CVE-2023-23638)漏洞利用的工程化实践
  ☆230Aug 8, 2023Updated 2 years ago
• guardicore / vmware_guest_auth_bypass

  View on GitHub
  Proof of concept of VMSA-2017-0012
  ☆41Jul 27, 2017Updated 8 years ago
• yzddmr6 / JspForAntSword

  View on GitHub
  中国蚁剑JSP一句话Payload
  ☆123Oct 4, 2020Updated 5 years ago
• Meatballs1 / ms16-032

  View on GitHub
  ☆22Jun 23, 2016Updated 9 years ago
• dr0op / shiro-550-with-NoCC

  View on GitHub
  Shiro-550 不依赖CC链利用工具
  ☆450Jun 19, 2024Updated last year
• icecliffs / nextassets

  View on GitHub
  Bug Hunter/Red Team/Yellow Team/Blue Team/Green Team/Cyan Team/Purple Team/Operations/Security Research Asset Collection & Scanning Platf…
  ☆25Feb 9, 2026Updated last month