some struts tag , attributes which out of the range will call SetDynamicAttribute() function, it will cause ONGL expression execute
☆70Dec 14, 2020Updated 5 years ago
Alternatives and similar repositories for S2-061
Users that are interested in S2-061 are comparing it to the libraries listed below
Sorting:
- tomcat使用了自带session同步功能时,不安全的配置(没有使用EncryptInterceptor)导致存在的反序列化漏洞,通过精心构造的数据包, 可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484,9484…☆212May 19, 2020Updated 5 years ago
- CVE-2020-26259: XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process…☆25Dec 13, 2020Updated 5 years ago
- 自用缝合怪内网扫描器,支持端口扫描,识别服务,获取title,扫描多网卡,ms17010扫描,icmp存活探测。☆283Nov 12, 2020Updated 5 years ago
- fastjson bypass autotype 1.2.68 with Throwable and AutoCloseable.☆229Oct 12, 2022Updated 3 years ago
- WebLogic利用CVE-2020-2883打Shiro rememberMe反序列化漏洞,一键注册蚁剑filter内存shell☆535Aug 25, 2020Updated 5 years ago
- Shiro-550 不依赖CC链利用工具☆451Jun 19, 2024Updated last year
- Run Swing based GUI application within the Docker container through the Jetbrains Projector, and access it from browsers.☆18Apr 10, 2021Updated 4 years ago
- 用于WebLogic poc及exp测试的基础脚本,后续将集成各版本poc库☆94Nov 4, 2020Updated 5 years ago
- Java RCE 回显测试代码☆1,016Oct 15, 2020Updated 5 years ago
- 这个脚本主要提供对Exchange邮件服务器的账户爆破功能,集成了现有主流接口的爆破方式。☆339May 22, 2023Updated 2 years ago
- 伪造Myslq服务端,并利用Mysql逻辑漏洞来获取客户端的任意文件反击攻击者☆364Apr 24, 2022Updated 3 years ago
- 用CSharp写的一款信息搜集工具,目前支持Navicat、TeamView、Xshell、SecureCRT产品的密码解密☆251Aug 26, 2020Updated 5 years ago
- Java XMLDecoder payload generator☆16Jul 27, 2021Updated 4 years ago
- Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)☆10Feb 9, 2022Updated 4 years ago
- 通过 Redis 主从写出无损文件☆719May 25, 2020Updated 5 years ago
- 个人使用的一款Web CMS指纹扫描器☆25Aug 4, 2020Updated 5 years ago
- (周瑜)Java - SpringBoot 持久化 WebShell(不仅仅是SpringBoot,适合任何符合JavaEE规范的服务)☆615Dec 29, 2021Updated 4 years ago
- Flask 内存马☆313Mar 26, 2021Updated 4 years ago
- rmi、jndi、ldap、jrmp、jmx、jms一些demo测试☆310Jun 17, 2022Updated 3 years ago
- ☆19Sep 14, 2021Updated 4 years ago
- gxor程序根据输入的二进制文件进行异或运算输出☆22Sep 13, 2021Updated 4 years ago
- 🐸Unauthorized Detection Framework未授权访问检测框架☆161Dec 15, 2023Updated 2 years ago
- 适用于weblogic和Tomcat的无文件的内存马(memshell)☆269Mar 4, 2022Updated 4 years ago
- xray社区高级版证书生成,仅供学习研究,正常使用请支持正版。removed due to Chaitin requirements & support to version 1.4.4 & learning purpose☆443Nov 11, 2020Updated 5 years ago
- 可在Windows下执行系统命令的Redis模块,可用于Redis主从复制攻击。☆264Nov 25, 2022Updated 3 years ago
- 提取DC日志,快速获取域用户对应IP地址☆308Mar 21, 2022Updated 3 years ago
- ☆143Jan 21, 2021Updated 5 years ago
- Behinder3.0 Beta4 源码(Decompile and Fixed)☆207Sep 1, 2020Updated 5 years ago
- Use Hive to hijack a Hadoop cluster+☆17Apr 30, 2020Updated 5 years ago
- F5 BIG-IP 任意文件读取+远程命令执行RCE☆13Jul 8, 2020Updated 5 years ago
- ❄️冰蝎客户端源码-V4.0.6🔞☆939Jul 8, 2025Updated 7 months ago
- 利用NTLM Hash读取Exchange邮件☆441Jan 7, 2025Updated last year
- 一个全新的敏感文件发现工具☆225Jan 10, 2021Updated 5 years ago
- A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.☆755Dec 2, 2022Updated 3 years ago
- 一款基于webshell命令执行功能实现的GUI webshell管理工具,支持流量加密☆218Jun 4, 2021Updated 4 years ago
- An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability☆469Sep 16, 2023Updated 2 years ago
- Collect JSP webshell of various implementation methods. 梳理和发现的JSP Webshell各种姿势☆1,404Jan 18, 2022Updated 4 years ago
- 利用agent hock指定的class,在jar运行周期内,用于跟踪被执行的方法,辅助做一些事情,比如挖洞啊☆125Jul 17, 2020Updated 5 years ago
- 这是一个抓取浏览器密码的工具,后续会添加更多功能☆1,455May 21, 2022Updated 3 years ago