Basic code for creating the Alibaba FastJson + Spring gadget chain, as used to exploit Apache Dubbo in CVE-2019-17564 - more information available at https://www.checkmarx.com/blog/apache-dubbo-unauthenticated-remote-code-execution-vulnerability
☆16Dec 10, 2022Updated 3 years ago
Alternatives and similar repositories for CVE-2019-17564-FastJson-Gadget
Users that are interested in CVE-2019-17564-FastJson-Gadget are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- DomainPasswordSpray is a tool written in PowerShell to perform a password spray attack against users of a domain. By default it will auto…☆11Sep 2, 2020Updated 5 years ago
- 代码审计关键词扫描工具☆11Apr 29, 2024Updated 2 years ago
- This repo contains Axis web shells☆18Jun 15, 2019Updated 7 years ago
- Weblogic RCE with IIOP☆80Jan 18, 2020Updated 6 years ago
- ThinkPHP各版本反序列化利用代码☆32Aug 13, 2020Updated 5 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- ☆22Jan 7, 2021Updated 5 years ago
- Stop Windows Defender programmatically☆15Jan 17, 2022Updated 4 years ago
- Jsp Decoder Source Code☆16Mar 23, 2021Updated 5 years ago
- ☆97Nov 26, 2022Updated 3 years ago
- Flask 内存马☆314Mar 26, 2021Updated 5 years ago
- ActiveMQ RCE (CVE-2023-46604) 回显利用工具☆43Sep 13, 2024Updated last year
- CVE-2020-4464 / CVE-2020-4450☆36Aug 24, 2021Updated 4 years ago
- An AntSword's plugin to scan webshell☆16Sep 2, 2019Updated 6 years ago
- 清除基于java agent木马☆80Apr 12, 2021Updated 5 years ago
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- 读取微信联系人列表,版本(3.9.12.51)☆13Mar 22, 2025Updated last year
- Java After-Deserialization Attack☆78Apr 26, 2021Updated 5 years ago
- XXST-白加黑辅助挖掘工具,全程静默运行不影响正常使用☆17Apr 12, 2024Updated 2 years ago
- cve-2022-34169 延伸出的Jdk Xalan的payload自动生成工具,可根据不同的Jdk生成出其所对应的xslt文件☆94Jan 17, 2023Updated 3 years ago
- LANGZI_SRC_安全巡航 是一款集成漏扫,验证,资产监控,自动复现并且生成结果表报的工具,实现初衷是为了帮助白帽子在SRC中节约时间成本的自动化工具。☆14Jul 7, 2019Updated 7 years ago
- Woodpecker framework Tomcat vulnerability library☆15May 23, 2021Updated 5 years ago
- fastjson 1.2.68 版本 autotype bypass☆141Jun 17, 2022Updated 4 years ago
- Webshell plugin that works on any Atlassian product employing their plugin framework☆27Nov 20, 2017Updated 8 years ago
- ☆11Oct 23, 2019Updated 6 years ago
- GPUs on demand by Runpod - Special Offer Available • AdRun AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
- 在spring-aop中新发现的反序列化gadget-chain☆52Jan 12, 2025Updated last year
- 收集了java XXE漏洞的demo及修复方式☆19Mar 11, 2024Updated 2 years ago
- ☆85Dec 6, 2019Updated 6 years ago
- ☆17Oct 25, 2018Updated 7 years ago
- IngressNightmare POC. world first non-blind remote execution exploitation with multi-advanced exploitation methods. allow on disk exploit…☆97May 6, 2025Updated last year
- 修改自geacon的多功能linux运维管理工具☆61Apr 2, 2021Updated 5 years ago
- 一个利用ASM对字节码进行污点传播分析的静态代码审计应用(添加了大量代码注释,适合大家进行源码学习)。也加入了挖掘Fastjson反序列化gadget chains和SQLInject(JdbcTemplate、MyBatis、JPA、Hibernate、原生jdbc等)静…☆456Mar 24, 2022Updated 4 years ago
- weblogic漏洞利用工具☆17Jul 16, 2020Updated 5 years ago
- Apache Dubbo (CVE-2023-23638)漏洞利用的工程化实践☆230Aug 8, 2023Updated 2 years ago
- End-to-end encrypted email - Proton Mail • AdSpecial offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
- Proof of concept of VMSA-2017-0012☆41Jul 27, 2017Updated 8 years ago
- 中国蚁剑JSP一句话Payload☆123Oct 4, 2020Updated 5 years ago
- ☆22Jun 23, 2016Updated 10 years ago
- Shiro-550 不依赖CC链利用工具☆449Jun 19, 2024Updated 2 years ago
- PoC for CVE-2025-22457 - A remote unauthenticated stack based buffer overflow affecting Ivanti Connect Secure, Pulse Connect Secure, Ivan…☆73Apr 25, 2025Updated last year
- django 漏洞:CVE-2020-7471 Potential SQL injection via StringAgg(delimiter) 的漏洞环境和 POC☆104Feb 13, 2020Updated 6 years ago
- CVE-2018-3191 反弹shell☆16Oct 23, 2018Updated 7 years ago