The project is a simple vulnerability Demo environment written by SpringBoot. Here, I deliberately wrote a vulnerability environment where there are arbitrary file uploads, and then use the `scan` attribute in the loghack configuration file to cooperate with the logback vulnerability to implement RCE.
☆86Dec 14, 2021Updated 4 years ago
Alternatives and similar repositories for logbackRceDemo
Users that are interested in logbackRceDemo are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Apache Dubbo漏洞测试Demo及其POC☆65Mar 27, 2023Updated 2 years ago
- ☆295May 7, 2022Updated 3 years ago
- My CodeQL queries collection☆99Aug 28, 2023Updated 2 years ago
- Intentionally Vulnerable to Spring4Shell☆52Apr 1, 2022Updated 3 years ago
- 利用链、漏洞检测工具☆374Jul 31, 2024Updated last year
- ☆21Oct 7, 2022Updated 3 years ago
- 检测目标Mysql数据库是不是蜜罐☆127Feb 23, 2021Updated 5 years ago
- Java安全路上的学习笔记☆84Feb 24, 2023Updated 3 years ago
- Java反序列化漏洞利用链补全计划,仅用于个人归纳总结。☆420Dec 3, 2021Updated 4 years ago
- Unofficial Dockerfile and scripts for building CodeQL databases for the OpenJDK☆49Jan 7, 2024Updated 2 years ago
- 利用任意文件下载漏洞循环下载反编译 Class 文件获得网站 Java 源代码☆712May 10, 2021Updated 4 years ago
- ☆91Mar 9, 2022Updated 4 years ago
- Use java instrument API without JAR file☆47Jun 19, 2022Updated 3 years ago
- Apache Log4j 1.2.X存在反序列化远程代码执行漏洞☆78Dec 25, 2019Updated 6 years ago
- 收集了java XXE漏洞的demo及修复方式☆19Mar 11, 2024Updated 2 years ago
- rmi、jndi、ldap、jrmp、jmx、jms一些demo测试☆311Jun 17, 2022Updated 3 years ago
- 注入JVM进程 动态获取目标进程连接的数据库☆341Mar 6, 2022Updated 4 years ago
- ☆21Mar 25, 2022Updated 4 years ago
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- CodeQL 寻找 JNDI利用 Lookup接口☆166Apr 10, 2022Updated 3 years ago
- fastjson 1.2.68 版本 autotype bypass☆142Jun 17, 2022Updated 3 years ago
- Apache/Alibaba Dubbo <= 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Data; Affects Versions <= 2.7.6 With Diffe…☆53Jun 6, 2021Updated 4 years ago
- bypass BeaconEye☆89Sep 9, 2021Updated 4 years ago
- Codeql学习笔记☆899Apr 25, 2022Updated 3 years ago
- tomcat使用了自带session同步功能时,不安全的配置(没有使用EncryptInterceptor)导致存在的反序列化漏洞,通过精心构造的数据包, 可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484,9484…☆212May 19, 2020Updated 5 years ago
- 恶意软件容器靶机☆105Mar 4, 2021Updated 5 years ago
- 🕳️ Proof of Concept exploits and their descriptions for various products☆25Nov 12, 2024Updated last year
- ��☆83Nov 20, 2021Updated 4 years ago
- CodeQL Java 全网最全的中文学习资料☆799Mar 18, 2022Updated 4 years ago
- Fastjson姿势技巧集合☆1,833Oct 20, 2023Updated 2 years ago
- Windows杀软对比和补丁号对比☆57Oct 28, 2019Updated 6 years ago
- springboot getRequestURI acl bypass☆37Oct 13, 2020Updated 5 years ago
- ☆122Jun 7, 2023Updated 2 years ago
- 一个简单的现代化公司域名使用规律预测及生成工具☆388Feb 24, 2022Updated 4 years ago
- A exploit tool for Grafana Unauthorized arbitrary file reading vulnerability (CVE-2021-43798), it can burst plugins / extract secret_key …☆268Oct 17, 2025Updated 5 months ago
- java 漏洞平台包含各种CVE☆23Jun 17, 2022Updated 3 years ago
- ☆231Jan 3, 2022Updated 4 years ago
- attackRmi☆258Oct 14, 2020Updated 5 years ago
- Rust 重构的 sRDI☆17Sep 9, 2024Updated last year