cn-panda / logbackRceDemo
The project is a simple vulnerability Demo environment written by SpringBoot. Here, I deliberately wrote a vulnerability environment where there are arbitrary file uploads, and then use the `scan` attribute in the loghack configuration file to cooperate with the logback vulnerability to implement RCE.
☆83Updated 2 years ago
Related projects ⓘ
Alternatives and complementary repositories for logbackRceDemo
- Intentionally Vulnerable to Spring4Shell☆51Updated 2 years ago
- Test and monitor your projects for vulnerabilities with Maven. This plugin is officially maintained by Snyk.☆79Updated 3 months ago
- Log4j_dos_CVE-2021-45105☆13Updated 2 years ago
- A project demonstrating an app that is vulnerable to Spring Security authorization bypass CVE-2022-31692☆36Updated 2 years ago
- ☆141Updated 5 years ago
- spring-cloud-function SpEL RCE, Vultarget & Poc☆133Updated 2 years ago
- ☆14Updated 4 years ago
- Native Java serialization filter blacklist for common gadgets☆20Updated 5 years ago
- Among the existing Log4shell practice materials JNDIExploit v1.2☆38Updated 2 years ago
- 基于JVM-Sandbox实现RASP安全监控防护☆51Updated last year
- 《深入理解IAST交互式应用安全测试》Interactive Application Security Testing.☆12Updated 2 years ago
- A list for Spring Security☆118Updated 10 months ago
- Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"☆101Updated 5 years ago
- Sample Spring application to Demonstrate the Gateway Actuator☆48Updated 2 years ago
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet☆49Updated 3 years ago
- jasypt Decrypt Encrypt☆14Updated 2 years ago
- 一个针对防御 log4j2 CVE-2021-44228 漏洞的 RASP 工具。 A Runtime Application Self-Protection module specifically designed for log4j2 RCE (CVE-2021-442…☆122Updated 2 years ago
- Java agent without file 无文件的Java agent☆76Updated 2 years ago
- log4j2-vaccine☆85Updated 2 years ago
- A static analysis API for finding deserialization attack gadgets☆38Updated 2 years ago
- 利用agent hock指定的class,在jar运行周期内,用于跟踪被执行的方法,辅助做一些事情,比如挖洞啊☆126Updated 4 years ago
- Apache Solr RCE via Velocity template☆107Updated 5 years ago
- 个人用于在自动化挖掘gadget时,方便查找gadget chains中class所在jar包,以助于便捷审计测试gadget有效性的那么一个小工具。☆60Updated 4 years ago
- A command-line fuzzer for the Apache JServ Protocol (ajp13)☆93Updated 2 years ago
- java 漏洞平台包含各种CVE☆23Updated 2 years ago
- Low-level RASP: Protecting Applications Implemented in High-level Programming Languages☆56Updated last year
- nmap + masscan scan☆14Updated last year
- WebLogic T3/IIOP RCE ExternalizableHelper.class of coherence.jar☆79Updated 3 years ago
- Nexus Repository Manager 3 Remote Code Execution without authentication < 3.15.0☆80Updated 5 years ago