cn-panda / logbackRceDemoLinks
The project is a simple vulnerability Demo environment written by SpringBoot. Here, I deliberately wrote a vulnerability environment where there are arbitrary file uploads, and then use the `scan` attribute in the loghack configuration file to cooperate with the logback vulnerability to implement RCE.
☆87Updated 3 years ago
Alternatives and similar repositories for logbackRceDemo
Users that are interested in logbackRceDemo are comparing it to the libraries listed below
Sorting:
- ☆19Updated 5 years ago
- spring-cloud-function SpEL RCE, Vultarget & Poc☆135Updated 3 years ago
- Intentionally Vulnerable to Spring4Shell☆52Updated 3 years ago
- Native Java serialization filter blacklist for common gadgets☆20Updated 6 years ago
- CVE-2020-36179~82 Jackson-databind SSRF&RCE☆81Updated 4 years ago
- Java web and command line applications demonstrating various security topics☆237Updated last week
- Ready to use docker image for CodeQL☆90Updated last year
- A project demonstrating an app that is vulnerable to Spring Security authorization bypass CVE-2022-31692☆36Updated 2 years ago
- ☆72Updated 3 years ago
- ☆151Updated 6 years ago
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet☆51Updated 4 years ago
- log4j2-vaccine☆84Updated 3 years ago
- CVE-2020-5398 - RFD(Reflected File Download) Attack for Spring MVC☆86Updated 2 years ago
- ☆87Updated 3 years ago
- CVE-2020-8840:FasterXML/jackson-databind 远程代码执行漏洞☆36Updated 5 years ago
- ☆29Updated 4 years ago
- Apache Log4j 1.2.X存在反序列化远程代码执行漏洞☆78Updated 5 years ago
- PaddingZip is a tool that you can craft a zip file that contains the padding characters between the file content.☆75Updated 3 years ago
- CVE-2020-36188 &&Jackson-databind RCE☆11Updated 4 years ago
- Log4j_dos_CVE-2021-45105☆13Updated 3 years ago
- WebLogic T3/IIOP RCE ExternalizableHelper.class of coherence.jar☆80Updated 4 years ago
- fastjson auto type derivation search☆21Updated 4 years ago
- Apache/Alibaba Dubbo <= 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Data; Affects Versions <= 2.7.6 With Diffe…☆52Updated 4 years ago
- bypass JEP290 RaspHook code☆62Updated 4 years ago
- Unofficial Dockerfile and scripts for building CodeQL databases for the OpenJDK☆49Updated last year
- ☆58Updated 5 years ago
- springboot getRequestURI acl bypass☆37Updated 4 years ago
- My CodeQL queries collection☆98Updated 2 years ago
- Exploiting CVE-2017-7525 demo project with Angular7 frontend and Spring.☆18Updated 6 years ago
- Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"☆101Updated 5 years ago