cn-panda / logbackRceDemoLinks
The project is a simple vulnerability Demo environment written by SpringBoot. Here, I deliberately wrote a vulnerability environment where there are arbitrary file uploads, and then use the `scan` attribute in the loghack configuration file to cooperate with the logback vulnerability to implement RCE.
☆87Updated 3 years ago
Alternatives and similar repositories for logbackRceDemo
Users that are interested in logbackRceDemo are comparing it to the libraries listed below
Sorting:
- Intentionally Vulnerable to Spring4Shell☆52Updated 3 years ago
- ☆19Updated 5 years ago
- spring-cloud-function SpEL RCE, Vultarget & Poc☆135Updated 3 years ago
- Native Java serialization filter blacklist for common gadgets☆20Updated 6 years ago
- Java web and command line applications demonstrating various security topics☆238Updated this week
- CVE-2020-36184 && Jackson-databind RCE☆15Updated 4 years ago
- A project demonstrating an app that is vulnerable to Spring Security authorization bypass CVE-2022-31692☆35Updated 2 years ago
- CVE-2019-12384 漏洞测试环境☆21Updated 2 years ago
- CVE-2020-5398 - RFD(Reflected File Download) Attack for Spring MVC☆87Updated 2 years ago
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet☆51Updated 4 years ago
- CVE-2020-36179~82 Jackson-databind SSRF&RCE☆81Updated 4 years ago
- Apache/Alibaba Dubbo <= 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Data; Affects Versions <= 2.7.6 With Diffe…☆52Updated 4 years ago
- WebLogic T3/IIOP RCE ExternalizableHelper.class of coherence.jar☆80Updated 4 years ago
- CVE-2020-8840:FasterXML/jackson-databind 远程代码执行漏洞☆36Updated 5 years ago
- ☆36Updated 4 years ago
- CVE-2020-36188 &&Jackson-databind RCE☆11Updated 4 years ago
- log4j2-vaccine☆84Updated 3 years ago
- JNDI注入测试工具改版(A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,et…☆48Updated 4 years ago
- Sample Spring application to Demonstrate the Gateway Actuator☆48Updated 3 years ago
- ☆29Updated 4 years ago
- Apache Log4j 1.2.X存在反序 列化远程代码执行漏洞☆78Updated 5 years ago
- Use java instrument API without JAR file☆47Updated 3 years ago
- 收集规则☆30Updated 2 years ago
- Spring Cloud Netflix Hystrix Dashboard template resolution vulnerability CVE-2021-22053☆37Updated 2 years ago
- fastjson auto type derivation search☆20Updated 4 years ago
- 收集 了java XXE漏洞的demo及修复方式☆19Updated last year
- Apache Solr RCE via Velocity template☆116Updated 5 years ago
- Custom / Experimental CodeQL queries☆37Updated 3 years ago
- bypass JEP290 RaspHook code☆62Updated 5 years ago
- springboot getRequestURI acl bypass☆37Updated 5 years ago