QAX-A-Team / SerialWriter
SerialWriter is an incomplete implementation of Java serialization for study of Java deserialization vulnerabilities.
☆104Updated 6 years ago
Related projects ⓘ
Alternatives and complementary repositories for SerialWriter
- fastjson-1.2.47☆66Updated 5 years ago
- VulHint是辅助代码审计的 sublime text 3 插件☆67Updated 6 years ago
- Java Security Documents☆79Updated 5 years ago
- ☆143Updated 6 years ago
- MySQL JDBC Deserialization Payload / MySQL客户端jdbc反序列化漏洞payload☆13Updated 4 years ago
- Java 反序列化学习的实验代码 Java_deserialize_vuln_lab☆87Updated 5 years ago
- Some codes for bypassing Oracle WebLogic CVE-2018-2628 patch☆114Updated 6 years ago
- Struts2 历史版本的漏洞环境☆83Updated 7 years ago
- RememberMe Padding Oracle Vulnerability RCE☆71Updated 5 years ago
- ☆80Updated 6 years ago
- Struts2 vuln env☆43Updated last year
- ☆69Updated 5 years ago
- ☆62Updated 4 years ago
- ☆131Updated 2 years ago
- tomcat使用了自带session同步功能时,不安全的配置(没有使用EncryptInterceptor)导致存在的反序列化漏洞,通过精心构造的数据包, 可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484,9484…☆213Updated 4 years ago
- Java通用漏洞修复安全组件☆58Updated 7 years ago
- 一个用于识别目标网站是否采用Struts2框架开发的工具demo☆162Updated 6 years ago
- ☆58Updated 4 years ago
- A JSP backdoor that enables under Tomcat hiding arbitrary JSP files, in addition to their access logs.☆213Updated 5 years ago
- Remote Command Execution Over Spark☆96Updated 6 years ago
- 又一个Java Web代码审计工具☆99Updated 6 years ago
- Shiro_721 exp 纯手工实现Padding Oracle整个过程☆68Updated 5 years ago
- Shiro RCE (Padding Oracle Attack)☆142Updated 5 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆101Updated 4 years ago