The project is a simple vulnerability Demo environment written by SpringBoot. Here, I deliberately wrote a vulnerability environment where there are arbitrary file uploads, and then use the `scan` attribute in the loghack configuration file to cooperate with the logback vulnerability to implement RCE.
☆86Dec 14, 2021Updated 4 years ago
Alternatives and similar repositories for logbackRceDemo
Users that are interested in logbackRceDemo are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Apache Dubbo漏洞测试Demo及其POC☆64Mar 27, 2023Updated 3 years ago
- ☆298May 7, 2022Updated 4 years ago
- My CodeQL queries collection☆98Aug 28, 2023Updated 2 years ago
- Intentionally Vulnerable to Spring4Shell☆52Apr 1, 2022Updated 4 years ago
- 利用链、漏洞检测工具☆376Jul 31, 2024Updated last year
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- 检测目标Mysql数据库是不是蜜罐☆126Feb 23, 2021Updated 5 years ago
- ☆22Oct 7, 2022Updated 3 years ago
- Java安全路上的学习笔记☆85Feb 24, 2023Updated 3 years ago
- Java反序列化漏洞利用链补全计划,仅用于个人归��纳总结。☆420Dec 3, 2021Updated 4 years ago
- Unofficial Dockerfile and scripts for building CodeQL databases for the OpenJDK☆49Jan 7, 2024Updated 2 years ago
- 利用任意文件下载漏洞循环下载反编译 Class 文件获得网站 Java 源代码☆713May 10, 2021Updated 5 years ago
- ☆91Mar 9, 2022Updated 4 years ago
- Use java instrument API without JAR file☆47Jun 19, 2022Updated 3 years ago
- Apache Log4j 1.2.X存在反序列化远程代码执行漏洞☆78Dec 25, 2019Updated 6 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- 收集了java XXE漏洞的demo及修复方式☆19Mar 11, 2024Updated 2 years ago
- rmi、jndi、ldap、jrmp、jmx、jms一些demo测试☆311Jun 17, 2022Updated 3 years ago
- 注入JVM进程 动态获取目标进程连接的数据库☆344Mar 6, 2022Updated 4 years ago
- ☆21Mar 25, 2022Updated 4 years ago
- CodeQL 寻找 JNDI利用 Lookup接口☆167Apr 10, 2022Updated 4 years ago
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- fastjson 1.2.68 版本 autotype bypass☆142Jun 17, 2022Updated 3 years ago
- Apache/Alibaba Dubbo <= 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Data; Affects Versions <= 2.7.6 With Diffe…☆53Jun 6, 2021Updated 5 years ago
- bypass BeaconEye☆88Sep 9, 2021Updated 4 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Codeql学习笔记☆902Apr 25, 2022Updated 4 years ago
- tomcat使用了自带session同步功能时,不安全的配置(没有使用EncryptInterceptor)导致存在的反序列化漏洞,通过精心构造的数据包, 可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484,9484…☆213May 19, 2020Updated 6 years ago
- 恶意软件容器靶机☆107Mar 4, 2021Updated 5 years ago
- 🕳️ Proof of Concept exploits and their descriptions for various products☆26Nov 12, 2024Updated last year
- CodeQL Java 全网最全的中文学习资料☆800Mar 18, 2022Updated 4 years ago
- ☆84Nov 20, 2021Updated 4 years ago
- Fastjson姿势技巧集合☆1,848Oct 20, 2023Updated 2 years ago
- Windows杀软对比和补丁号对比☆55Oct 28, 2019Updated 6 years ago
- springboot getRequestURI acl bypass☆37Oct 13, 2020Updated 5 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- 一个简单的现代化公司域名使用规律预测及生成工具☆389Feb 24, 2022Updated 4 years ago
- ☆123Jun 7, 2023Updated 3 years ago
- A exploit tool for Grafana Unauthorized arbitrary file reading vulnerability (CVE-2021-43798), it can burst plugins / extract secret_key …☆268Oct 17, 2025Updated 7 months ago
- java 漏洞平台包含各种CVE☆23Jun 17, 2022Updated 3 years ago
- ☆231Jan 3, 2022Updated 4 years ago
- attackRmi☆258Oct 14, 2020Updated 5 years ago
- Rust 重构的 sRDI☆18Sep 9, 2024Updated last year