2 web tasks from ZeroNights HackQuest 2016
☆50Mar 24, 2017Updated 8 years ago
Alternatives and similar repositories for ZeroNights-HackQuest-2016
Users that are interested in ZeroNights-HackQuest-2016 are comparing it to the libraries listed below
Sorting:
- Demonstrating why Dynamic Method Invocation with unrestricted method names (the old default of Struts) is dangerous.☆12Sep 30, 2018Updated 7 years ago
- cve-2014-0130 rails directory traversal vuln☆19May 15, 2017Updated 8 years ago
- ☆72Nov 20, 2017Updated 8 years ago
- The Demo for CVE-2017-11427☆12Mar 3, 2018Updated 8 years ago
- 一款存储HTTP请求入库的burpsuite插件☆29Apr 8, 2018Updated 7 years ago
- A BurpSuite plugin to detect Same Origin Method Execution vulnerabilities☆60Apr 18, 2017Updated 8 years ago
- Java serialization brute force attack tool.☆123Aug 18, 2017Updated 8 years ago
- PoC Code for CVE-2018-16712 (exploit by MmMapIoSpace)☆25Dec 1, 2018Updated 7 years ago
- Collection of bypass gadgets to extend and wrap ysoserial payloads☆387Apr 16, 2022Updated 3 years ago
- Proof of concept showing how to exploit the CVE-2018-11759☆40Dec 11, 2018Updated 7 years ago
- PoC for Scala and Groovy☆14Apr 4, 2016Updated 9 years ago
- A Java serializer in JavaScript☆80May 21, 2018Updated 7 years ago
- PoC code for crashing windows active directory☆35Sep 19, 2018Updated 7 years ago
- A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs☆55Mar 27, 2017Updated 8 years ago
- spring mvc cve-2014-3625☆32Mar 11, 2016Updated 9 years ago
- Struts2の脆弱性S2-045, S2-055 および Jackson の脆弱性 CVE-2017-7525, CVE-2017-15095 の調査報告☆107Dec 13, 2017Updated 8 years ago
- Web Security Technology & Vulnerability Analysis Whitepapers☆549Jan 1, 2019Updated 7 years ago
- Repository to hold materials for DefCon_RESTing presentation by Dinis, Abe and Alvaro☆53Aug 5, 2013Updated 12 years ago
- ☆46May 15, 2016Updated 9 years ago
- My solutions in Python for Corelan's Exploit Writing Tutorials☆13Jun 2, 2016Updated 9 years ago
- Look-Ahead Java Deserialization Library☆422Jan 7, 2020Updated 6 years ago
- Simple socket-based gateway to the Burp Collaborator☆34Nov 23, 2016Updated 9 years ago
- 梧桐百科投稿通道☆22May 21, 2018Updated 7 years ago
- WEB 跨域postMessage() 漏洞挖掘工具,基本原理:使用AJAX 获取页面代码,结合iframe 和data 协议构造测试环境,然后在iframe 下的window.onmessage 中插入hook 监控onmessage 的参数,最后通过能否被原来的onme…☆11Sep 13, 2016Updated 9 years ago
- 可能有一些你没见过的端口扫描脚本☆12Nov 28, 2018Updated 7 years ago
- Java RMI enumeration and attack tool.☆743Sep 28, 2017Updated 8 years ago
- 常用的一些Exploit,经常会更新,也欢迎各位提交新的exp给我。☆26Jul 27, 2018Updated 7 years ago
- Multi-language web CGI interfaces exploits.☆399Aug 22, 2022Updated 3 years ago
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- Proof of concept exploit, showing how to do bytecode injection through untrusted deserialization with Spring Framework 4.2.4☆116May 17, 2019Updated 6 years ago
- PoC of Remote Command Execution via Log injection on SAP NetWeaver AS JAVA CRM☆52Mar 14, 2018Updated 7 years ago
- Exploit for Jenkins serialization vulnerability - CVE-2016-0792☆49Aug 2, 2017Updated 8 years ago
- A vulnerable application exposing Spring Boot Actuators☆123Feb 25, 2019Updated 7 years ago
- A simple dns resolver of dns-record and web-record log server for pentesting☆132Nov 7, 2017Updated 8 years ago
- A static byte code analyzer for Java deserialization gadget research☆252Apr 17, 2017Updated 8 years ago
- ☆13Feb 17, 2016Updated 10 years ago
- IDA Pro plugin that rename functions on load, based on functionality☆19Mar 9, 2018Updated 7 years ago
- Payload generator for Java Binary Deserialization attack with Commons FileUpload (CVE-2013-2186)☆38Apr 14, 2016Updated 9 years ago
- Exploit PoC for Spring RCE issue (CVE-2011-2894)☆44Dec 17, 2023Updated 2 years ago