hengyunabc / dubbo-apache-commons-collections-bugView external linksLinks
演示dubbo rpc Apache commons collections 的Java序�列化漏洞
☆42Nov 13, 2015Updated 10 years ago
Alternatives and similar repositories for dubbo-apache-commons-collections-bug
Users that are interested in dubbo-apache-commons-collections-bug are comparing it to the libraries listed below
Sorting:
- cve-2018-2894 不同别人的利用方法。☆15Dec 1, 2025Updated 2 months ago
- PoC for Scala and Groovy☆14Apr 4, 2016Updated 9 years ago
- Native Java serialization filter blacklist for common gadgets☆20Sep 12, 2019Updated 6 years ago
- Java通用漏洞修复安全组件☆60Jul 12, 2025Updated 7 months ago
- ☆33Dec 6, 2022Updated 3 years ago
- Shiro_721 exp 纯手工实现Padding Oracle整个过程☆67Nov 20, 2019Updated 6 years ago
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- CVE-2018-8021 Proof-Of-Concept and Exploit☆106Dec 3, 2018Updated 7 years ago
- ☆13Apr 11, 2018Updated 7 years ago
- CVE-2020-5398 - RFD(Reflected File Download) Attack for Spring MVC☆87Dec 15, 2022Updated 3 years ago
- CVE-2018-19276 - OpenMRS Insecure Object Deserialization RCE☆16Mar 11, 2019Updated 6 years ago
- ☆17Oct 25, 2018Updated 7 years ago
- Proof of concept exploit, showing how to do bytecode injection through untrusted deserialization with Spring Framework 4.2.4☆116May 17, 2019Updated 6 years ago
- Java层frida hook学习笔记 https://uknowsec.cn☆47Feb 6, 2020Updated 6 years ago
- ☆18Jun 23, 2017Updated 8 years ago
- The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.☆19Apr 9, 2018Updated 7 years ago
- Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"☆101Sep 20, 2019Updated 6 years ago
- ☆28Oct 16, 2017Updated 8 years ago
- X41 BeanStack - Stack Trace Fingerprinting BETA☆52Dec 3, 2025Updated 2 months ago
- fastjson remote code execute poc 直接用intellij IDEA打开即可 首先编译得到Test.class,然后运行Poc.java☆403Dec 16, 2022Updated 3 years ago
- weblogic t3 deserialization rce☆268Jul 13, 2017Updated 8 years ago
- Tests for different parsers from Ruby, Python, .NET, PHP, Perl, Java☆55Jul 21, 2016Updated 9 years ago
- Confluence Widget Connector path traversal (CVE-2019-3396)☆22Oct 4, 2019Updated 6 years ago
- Native Java-based deserialization exploit for WebLogic T3 (and T3S) listeners.☆35Mar 2, 2020Updated 5 years ago
- QAQ Just study unserialize vulnerabilities in Java :)☆196Aug 22, 2018Updated 7 years ago
- Java 反序列化学习的实验代码 Java_deserialize_vuln_lab☆87Nov 26, 2018Updated 7 years ago
- 用于演示Java Web项目中,漏洞的成因及修复方案,可用于黑盒测试和白盒测试,部分修复方案可用于生产环境。☆43Apr 20, 2018Updated 7 years ago
- oauth2研究: 实现代码、漏洞利用、修复方案☆19May 21, 2019Updated 6 years ago
- A command-line fuzzer for the Apache JServ Protocol (ajp13)☆95Nov 15, 2022Updated 3 years ago
- Weblogic-CVE-2018-3191远程代码命令执行漏洞☆68Oct 24, 2018Updated 7 years ago
- RCE on Apache Solr using deserialization of untrusted data via jmx.serviceUrl☆210Mar 10, 2019Updated 6 years ago
- Exploit for Red Hat / GlusterFS CVE-2018-1088 & CVE-2018-1112, featured @ DEFCON 26, Las Vegas!☆10Apr 30, 2020Updated 5 years ago
- Demonstrating why Dynamic Method Invocation with unrestricted method names (the old default of Struts) is dangerous.☆12Sep 30, 2018Updated 7 years ago
- OpenRASP Agent容器编译环境,助力二次开发。☆12Apr 28, 2022Updated 3 years ago
- PoC: process watcher patterns to make killing a process hard.☆11Aug 1, 2018Updated 7 years ago
- https://jira.atlassian.com/browse/JRASERVER-69793☆10Sep 16, 2019Updated 6 years ago
- This is the linux version of the R.A.T client written in c#☆10Jun 25, 2017Updated 8 years ago
- fastjson远程命令执行漏洞,jndi方式☆40Dec 7, 2017Updated 8 years ago
- ☆12Aug 5, 2015Updated 10 years ago