cn-panda / logbackRceDemo
The project is a simple vulnerability Demo environment written by SpringBoot. Here, I deliberately wrote a vulnerability environment where there are arbitrary file uploads, and then use the `scan` attribute in the loghack configuration file to cooperate with the logback vulnerability to implement RCE.
☆84Updated 2 years ago
Related projects: ⓘ
- Test and monitor your projects for vulnerabilities with Maven. This plugin is officially maintained by Snyk.☆77Updated last month
- spring-cloud-function SpEL RCE, Vultarget & Poc☆133Updated 2 years ago
- Java web and command line applications demonstrating various security topics☆235Updated 2 weeks ago
- My CodeQL queries collection☆93Updated last year
- A project demonstrating an app that is vulnerable to Spring Security authorization bypass CVE-2022-31692☆36Updated last year
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet☆48Updated 3 years ago
- Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"☆99Updated 5 years ago
- log4j2-vaccine☆85Updated 2 years ago
- Java-Web-Security - Sichere Webanwendungen mit Java entwickeln☆215Updated last week
- ☆14Updated 4 years ago
- ☆70Updated 7 years ago
- ☆15Updated 2 years ago
- ☆69Updated 2 years ago
- Java反序列化漏洞学习笔记☆16Updated 4 years ago
- 个人用于在自动化挖掘gadget时,方便查找gadget chains中class所在jar包,以助于便捷审计测试gadget有效性的那么一个小工具。☆60Updated 4 years ago
- 基于污点分析和模拟栈帧技术的JSP Webshell检测☆43Updated 4 months ago
- A static analysis API for finding deserialization attack gadgets☆37Updated last year
- 《深入理解DAST动态应用程序安全测试》Dynamic Application Security Testing.☆45Updated last year
- Java agent without file 无文件的Java agent☆77Updated 2 years ago
- 利用agent hock指定的class,在jar运行周期内,用于跟踪被执行的方法,辅助做一些事情,比如挖洞啊☆126Updated 4 years ago
- CVE-2019-3799 - Spring Cloud Config Server: Directory Traversal < 2.1.2, 2.0.4, 1.4.6☆31Updated 5 years ago
- 基于JVM-Sandbox实现RASP安全监控防护☆50Updated last year
- Ready to use docker image for CodeQL☆88Updated 8 months ago
- Debug CVEs!☆31Updated last year
- 一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-442…☆121Updated 2 years ago
- Redis RCE 的几种方法☆90Updated 3 months ago
- (CVE-2015-7501)JBoss JMXInvokerServlet 反序列化漏洞☆20Updated 4 years ago
- 用于检测maven项目的第三方依赖组件是否存在安全漏洞。☆99Updated 2 years ago
- ☆27Updated this week
- Custom / Experimental CodeQL queries☆37Updated 2 years ago