PortSwigger / java-serialized-payloads
YSOSERIAL Integration with burp suite
☆40Updated 2 years ago
Related projects: ⓘ
- ☆41Updated 4 years ago
- ☆63Updated 5 years ago
- All about CVE-2018-14667; From what it is to how to successfully exploit it.☆47Updated 5 years ago
- ☆34Updated 5 years ago
- Proof of concept written in Python to show that in some situations a SSRF vulnerability can be used to steal NTLMv1/v2 hashes.☆57Updated 6 years ago
- Extension providing view with filtering capabilities for both complete and incomplete requests from all burp tools.☆47Updated 3 years ago
- Full TTY reverse shell over SSH☆57Updated 4 years ago
- XSS payloads for edge cases☆34Updated 5 years ago
- Another plugin for CRLF vulnerability detection☆26Updated 7 years ago
- PoC of Remote Command Execution via Log injection on SAP NetWeaver AS JAVA CRM☆52Updated 6 years ago
- All-in-one plugin for Burp Suite for the detection and the exploitation of Java deserialization vulnerabilities☆26Updated 2 years ago
- Fuzzing for LFI using Burpsuite☆58Updated 7 years ago
- A Burp extension to show the Collaborator client in a tab☆36Updated last year
- A server vulnerable to XXE that can be used to test payloads using the xxer tool.☆25Updated 6 years ago
- Environment for CVE-2019-6340 (Drupal)☆41Updated last year
- Here you can get full exploit for SAP NetWeaver AS JAVA☆73Updated 6 years ago
- Burp extension☆57Updated 6 years ago
- Roundcube 1.0.0 <= 1.2.2 Remote Code Execution exploit and vulnerable container☆43Updated 5 months ago
- X41 BeanStack - Stack Trace Fingerprinting BETA☆52Updated 3 years ago
- miscellaneous security research stuff☆38Updated 5 years ago
- Study about HQL injection exploitation.☆48Updated 8 years ago
- ☆75Updated 11 years ago
- A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs☆54Updated 7 years ago
- Proof of concept showing how to exploit the CVE-2018-11759☆41Updated 5 years ago
- Exploit PoC for Spring RCE issue (CVE-2011-2894)☆41Updated 9 months ago
- Burp Suite extension for JAX-RS☆65Updated 7 years ago
- Repository to hold materials for DefCon_RESTing presentation by Dinis, Abe and Alvaro☆51Updated 11 years ago
- Broken Link Hijacking Burp Extension☆54Updated 5 years ago
- ☆51Updated this week
- An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions☆121Updated 6 years ago