Exploits for CNEXT (CVE-2024-2961), a buffer overflow in the glibc's iconv()
☆505Sep 30, 2024Updated last year
Alternatives and similar repositories for cnext-exploits
Users that are interested in cnext-exploits are comparing it to the libraries listed below
Sorting:
- Generates a `php://filter` chain that adds a prefix and a suffix to the contents of a file.☆236Oct 8, 2024Updated last year
- A CLI to exploit parameters vulnerable to PHP filter chain error based oracle.☆326Jun 2, 2024Updated last year
- lightyear is a tool to dump files in tedious (blind) conditions using PHP filters☆112Jun 23, 2025Updated 8 months ago
- MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize☆1,361Nov 18, 2021Updated 4 years ago
- Some ReadObject Sink With JDBC☆243May 8, 2024Updated last year
- ☆994Jan 23, 2023Updated 3 years ago
- Java Vulnerability Exploitation Platform☆1,990Jan 6, 2026Updated last month
- ☆349Jan 24, 2023Updated 3 years ago
- 80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background serv…☆866Jun 24, 2024Updated last year
- 一款支持自定义的 Java 内存马生成工具|A customizable Java in-memory webshell generation tool.☆2,157Aug 21, 2025Updated 6 months ago
- A rouge mysql server supports reading files from most mysql libraries of multiple programming languages.☆755Dec 2, 2022Updated 3 years ago
- ZKar is a Java serialization protocol analysis tool implement in Go.☆649Feb 15, 2025Updated last year
- 高性能 HTTP 正向代理工具 | A high-performance http tunneling tool☆2,673Feb 2, 2026Updated last month
- ☆95Sep 2, 2024Updated last year
- dotnet 反序列化学习笔记☆513Oct 19, 2023Updated 2 years ago
- ☆158Jul 10, 2024Updated last year
- 专为CTF设计的Jinja2 SSTI全自动绕WAF脚本 | A Jinja2 SSTI cracker for bypassing WAF, designed for CTF☆1,233Updated this week
- some fun php exploits☆81Nov 12, 2024Updated last year
- A neo4j procedure for tabby☆137May 17, 2025Updated 9 months ago
- A CAT called tabby ( Code Analysis Tool )☆1,637Jan 17, 2026Updated last month
- WebSocket 内存马/Webshell,一种新型内存马/WebShell技术☆1,488Apr 10, 2023Updated 2 years ago
- a rep for documenting my study, may be from 0 to 0.1☆2,248Nov 10, 2025Updated 3 months ago
- CVE-2023-34992: Fortinet FortiSIEM Command Injection Proof of Concept Exploit☆27May 21, 2024Updated last year
- cve-2022-34169 延伸出的Jdk Xalan的payload自动生成工具,可根据不同的Jdk生成出其所对应的xslt文件☆93Jan 17, 2023Updated 3 years ago
- 纯 Java 实现的 MySQL Fake Server | 支持 GUI 版和命令行版 | 支持反序列化和文件读取的利用方式 | 支持常见的 GADGET 和自定义 GADGET 数据 | 根据目标环境自动生成匹配的 PAYLOAD | 支持 PGSQL 和 DERBY …☆825Sep 18, 2023Updated 2 years ago
- 一款专注于 Java 主流 Web 中间件的内存马快速生成工具,致力于简化安全研究人员和红队成员的工作流程,提升攻防效率☆1,339Feb 8, 2026Updated 3 weeks ago
- Exploit for the vulnerability CVE-2024-43044 in Jenkins☆184Oct 2, 2024Updated last year
- CTF-Java-Gadget专注于收集CTF中Java赛题的反序列化片段☆276Dec 13, 2024Updated last year
- A (small) web exploit framework☆97Dec 26, 2025Updated 2 months ago
- Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, in…☆2,434Apr 17, 2024Updated last year
- Fastjson姿势技巧集合☆1,825Oct 20, 2023Updated 2 years ago
- 通过端口复用直接进行正向socks5代理(非防火墙分流)☆113Dec 17, 2024Updated last year
- PoC for CVE-2023-4911☆389Oct 4, 2023Updated 2 years ago
- Confluence CVE 2021,2022,2023 利用工具,支持命令执行,哥斯拉,冰蝎 内存马注入☆554Feb 1, 2024Updated 2 years ago
- A helpful Java Deserialization exploit framework.☆1,240Feb 17, 2025Updated last year
- PHPGGC is a library of PHP unserialize() payloads along with a tool to generate them, from command line or programmatically.☆3,753Sep 29, 2025Updated 5 months ago
- Java web路由内存分析工具☆437May 22, 2025Updated 9 months ago
- POC for RCE using vulnerabilities described in VMSA-2023-0001☆148Jan 31, 2023Updated 3 years ago
- 抽离出 utf-8-overlong-encoding 的序列化逻辑,实现 2 3 字节加密序列化数组☆140Mar 11, 2024Updated last year