some struts tag , attributes which out of the range will call SetDynamicAttribute() function, it will cause ONGL expression execute
☆70Dec 14, 2020Updated 5 years ago
Alternatives and similar repositories for S2-061
Users that are interested in S2-061 are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- tomcat使用了自带session同步功能时,不安全的配置(没有使用EncryptInterceptor)导致存在的反序列化漏洞,通过精心构造的数据包, 可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484,9484…☆213May 19, 2020Updated 6 years ago
- CVE-2020-26259: XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process…☆25Dec 13, 2020Updated 5 years ago
- fastjson bypass autotype 1.2.68 with Throwable and AutoCloseable.☆229Oct 12, 2022Updated 3 years ago
- 自用缝合怪内网扫描器,支持端口扫描,识别服务,获取title,扫描多网卡,ms17010扫描,icmp存活探测。☆283Nov 12, 2020Updated 5 years ago
- Shiro-550 不依赖CC链利用工具☆451Jun 19, 2024Updated last year
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- 用于WebLogic poc及exp测试的基础脚本,后续将集成各版本poc库☆95Nov 4, 2020Updated 5 years ago
- WebLogic利用CVE-2020-2883打Shiro rememberMe反序列化漏洞,�一键注册蚁剑filter内存shell☆534Aug 25, 2020Updated 5 years ago
- Skywalking远程代码执行漏洞验证☆19Feb 22, 2021Updated 5 years ago
- Run Swing based GUI application within the Docker container through the Jetbrains Projector, and access it from browsers.☆18Apr 10, 2021Updated 5 years ago
- Java XMLDecoder payload generator☆16Jul 27, 2021Updated 4 years ago
- Java RCE 回显测试代码☆1,014Oct 15, 2020Updated 5 years ago
- 个人使用的一款Web CMS指纹扫描器☆25Aug 4, 2020Updated 5 years ago
- Flask 内存马☆314Mar 26, 2021Updated 5 years ago
- 伪造Myslq服务端,并利用Mysql逻辑漏洞来获取客户端的任意文件反击攻击者☆361Apr 24, 2022Updated 4 years ago
- End-to-end encrypted cloud storage - Proton Drive • AdSpecial offer: 40% Off Yearly / 80% Off First Month. Protect your most important files, photos, and documents from prying eyes.
- 用CSharp写的一款信息搜集工具,目前支持Navicat、TeamView、Xshell、SecureCRT产品的密码解密☆251Aug 26, 2020Updated 5 years ago
- 这个脚本主要提供对Exchange邮件服务器的账户爆破功能,集成了现有主流接口的爆破方式。☆340May 22, 2023Updated 3 years ago
- 通过 Redis 主从写出无损文件☆719May 25, 2020Updated 6 years ago
- (周瑜)Java - SpringBoot 持久化 WebShell(不仅仅是SpringBoot,适合任何符合JavaEE规范的服务)☆615Dec 29, 2021Updated 4 years ago
- rmi、jndi、ldap、jrmp、jmx、jms一些demo测试☆311Jun 17, 2022Updated 3 years ago
- Exploit for CVE-2022-21999 - Windows Print Spooler Elevation of Privilege Vulnerability (LPE)☆10Feb 9, 2022Updated 4 years ago
- 适用于weblogic和Tomcat的无文件的内存马(memshell)☆271Mar 4, 2022Updated 4 years ago
- ��🐸Unauthorized Detection Framework未授权访问检测框架☆161May 18, 2026Updated last week
- 提取DC日志,快速获取域用户对应IP地址☆311Mar 21, 2022Updated 4 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- 利用agent hock指定的class,在jar运行周期内,用于跟踪被执行的方法,辅助做一些事情,比如挖洞啊☆125Jul 17, 2020Updated 5 years ago
- 利用NTLM Hash读取Exchange邮件☆443Mar 23, 2026Updated 2 months ago
- 可在Windows下执行系统命令的Redis模块,可用于Redis主从复制攻击。☆265Nov 25, 2022Updated 3 years ago
- Behinder3.0 Beta4 源码(Decompile and Fixed)☆207Sep 1, 2020Updated 5 years ago
- gxor程序根据输入的二进制文件进行异或运算输出☆22Sep 13, 2021Updated 4 years ago
- X安蜜罐用的一些存在JSonp劫持的API☆92May 28, 2021Updated 4 years ago
- ❄️冰蝎客户端源码-V4.0.6🔞☆942Jul 8, 2025Updated 10 months ago
- A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.☆766Dec 2, 2022Updated 3 years ago
- F5 BIG-IP 任意文件读取+远程命令执行RCE☆13Jul 8, 2020Updated 5 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Shellcode antivirus evasion framework☆27Jan 16, 2021Updated 5 years ago
- 利用任意文件下载漏洞循环下载反编译 Class 文件获得网站 Java 源代码☆714May 10, 2021Updated 5 years ago
- Exchange2010 authorized RCE☆157Dec 24, 2020Updated 5 years ago
- xray社区高级版证书生成,仅供学习研究,正常使用请支持正版。removed due to Chaitin requirements & support to version 1.4.4 & learning purpose☆443Nov 11, 2020Updated 5 years ago
- 一个全新的敏感文件发现工具☆225Jan 10, 2021Updated 5 years ago
- 一款基于webshell命令执行功能实现的GUI webshell管理工具,支持流量加密☆219Jun 4, 2021Updated 4 years ago
- ☆19Sep 14, 2021Updated 4 years ago