cn-panda / logbackRceDemo
The project is a simple vulnerability Demo environment written by SpringBoot. Here, I deliberately wrote a vulnerability environment where there are arbitrary file uploads, and then use the `scan` attribute in the loghack configuration file to cooperate with the logback vulnerability to implement RCE.
☆87Updated 3 years ago
Alternatives and similar repositories for logbackRceDemo:
Users that are interested in logbackRceDemo are comparing it to the libraries listed below
- Intentionally Vulnerable to Spring4Shell☆51Updated 2 years ago
- spring-cloud-function SpEL RCE, Vultarget & Poc☆133Updated 2 years ago
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet☆50Updated 3 years ago
- Apache Solr RCE via Velocity template☆108Updated 5 years ago
- Log4j_dos_CVE-2021-45105☆13Updated 3 years ago
- A project demonstrating an app that is vulnerable to Spring Security authorization bypass CVE-2022-31692☆36Updated 2 years ago
- Sample Spring application to Demonstrate the Gateway Actuator☆47Updated 3 years ago
- Among the existing Log4shell practice materials JNDIExploit v1.2☆38Updated 3 years ago
- My CodeQL queries collection☆96Updated last year
- Test and monitor your projects for vulnerabilities with Maven. This plugin is officially maintained by Snyk.☆79Updated 6 months ago
- Exploit for WebSocket Vulnerability in Apache Tomcat☆166Updated 4 years ago
- ☆74Updated 7 years ago
- 《深入理解IAST交互式应用安全测试》Interactive Application Security Testing.☆13Updated 2 years ago
- S2-061 CVE-2020-17530☆29Updated 4 years ago
- Java web and command line applications demonstrating various security topics☆237Updated this week
- S2-061 的payload,以及对应简单的PoC/Exp☆48Updated 4 years ago
- ☆87Updated 2 years ago
- ☆92Updated 2 years ago
- log4j2-vaccine☆85Updated 3 years ago
- Java反序列化漏洞学习笔记☆15Updated 5 years ago
- jasypt Decrypt Encrypt☆14Updated 3 years ago
- Apache Log4j 1.2.X存在反序列化远程代码执行漏洞☆78Updated 5 years ago
- Custom / Experimental CodeQL queries☆37Updated 2 years ago
- Library for manually creating Java serialization data.☆29Updated 2 years ago
- ☆28Updated 3 years ago
- Java agent without file 无文件的Java agent☆78Updated 2 years ago
- Nexus Repository Manager 3 Remote Code Execution without authentication < 3.15.0☆82Updated 5 years ago
- Sample Spring Boot App Demonstrating RCE via Exposed env Actuator and H2 Database☆104Updated 5 years ago
- PaddingZip is a tool that you can craft a zip file that contains the padding characters between the file content.☆62Updated 2 years ago
- Phoenix Framework Project☆42Updated 3 years ago