Wfzsec / ysoserial-pocView external linksLinks
记录调试分析ysoserial系列的学习过程,主要包含手动构造的一些poc,便于加深对漏洞和工具的理解
☆30Jun 15, 2020Updated 5 years ago
Alternatives and similar repositories for ysoserial-poc
Users that are interested in ysoserial-poc are comparing it to the libraries listed below
Sorting:
- 启动一个system权限的cmd☆12Apr 23, 2021Updated 4 years ago
- 护网杯 2018 WEB (4) easy_laravel☆12Aug 22, 2019Updated 6 years ago
- log4j 1.x RCE Poc -- CVE-2021-4104☆20Dec 14, 2021Updated 4 years ago
- python security audit tool,用于python源码的代码审计,支持命令注入,sql注入☆63Jun 4, 2015Updated 10 years ago
- The Security Practices of Party A Phishing☆20Nov 9, 2019Updated 6 years ago
- Java 反序列化学习的实验代码 Java_deserialize_vuln_lab☆87Nov 26, 2018Updated 7 years ago
- Zimbra XXE+SSRF+UPLOAD Poc☆59Jun 25, 2019Updated 6 years ago
- Struts2 vuln env☆43Dec 6, 2022Updated 3 years ago
- 分享在建设安全管理体系、ISO27001、等级保护、安全评审过程中的点点滴滴☆23Aug 27, 2018Updated 7 years ago
- SyscallLoader☆11Sep 13, 2021Updated 4 years ago
- ☆10May 23, 2019Updated 6 years ago
- 1000个PHP代码审计案例(2016.7以前乌云公开漏洞)☆11Sep 30, 2016Updated 9 years ago
- ☆131Jun 17, 2022Updated 3 years ago
- Shiro_721 exp 纯手工实现Padding Oracle整个过程☆67Nov 20, 2019Updated 6 years ago
- ☆50Nov 4, 2022Updated 3 years ago
- ☆13Feb 9, 2022Updated 4 years ago
- Really stupid re-implementation of invoke-wmiexec☆13Jul 14, 2022Updated 3 years ago
- 参赛所用的sshop平台☆11Jun 26, 2018Updated 7 years ago
- fastjson_rce工具,不用搭建HTTP服务,不受JDK版本限制☆10Nov 25, 2019Updated 6 years ago
- A pyhon script to do port scan via weblogic uuid☆10Oct 1, 2020Updated 5 years ago
- ☆12Mar 29, 2019Updated 6 years ago
- xss payloads generator☆25Mar 1, 2019Updated 6 years ago
- 一些Java RASP demo☆11Sep 26, 2019Updated 6 years ago
- Jsp Decoder Source Code☆16Mar 23, 2021Updated 4 years ago
- 🚩 CTF AWD framework☆28Nov 28, 2021Updated 4 years ago
- Python3 Reverse Shell☆13May 24, 2019Updated 6 years ago
- Some payloads of JNDI Injection in JDK 1.8.0_191+☆484Dec 9, 2020Updated 5 years ago
- ☆89Jun 28, 2022Updated 3 years ago
- 打CTF实在厌倦了找利用链,就知道一个fastjson的版本,一堆依赖找啊找,头都疼。为了解决这个烦恼,用了卓卓师傅的fastjson黑名单工具和库,自己改造了一下。☆32Jan 3, 2020Updated 6 years ago
- Java Security Documents☆81Sep 19, 2019Updated 6 years ago
- HCTF 2017 线下赛平台☆14Dec 17, 2017Updated 8 years ago
- ☆14Dec 29, 2020Updated 5 years ago
- 域前置版本FRP☆16Nov 24, 2022Updated 3 years ago
- JEECMS FreeMarker-RCE☆12Nov 12, 2021Updated 4 years ago
- JavaAgent内存马☆17Jun 15, 2021Updated 4 years ago
- Phantom eye——A passive business logic vulnerability auditing tool☆54Mar 25, 2019Updated 6 years ago
- 利用agent hock指定的class,在jar运行周期内,用于跟踪被执行的方法,辅助做一些事情,比如挖洞啊☆125Jul 17, 2020Updated 5 years ago
- 在JustTrustMe的基础上修改了log日志打印位置,便于追踪hook函数☆30Jul 15, 2019Updated 6 years ago
- java内存对象搜索辅助工具☆822Sep 23, 2022Updated 3 years ago