iiiusky / javaweb-codereview

Related projects ⓘ

Alternatives and complementary repositories for javaweb-codereview

• SummerSec / LookupInterface
  CodeQL 寻找 JNDI利用 Lookup接口
  ☆161Updated 2 years ago
• welk1n / FastjsonPocs
  一些结合第三方组件的Fastjson POC，在1.2.48以后版本中陆续被添加至黑名单。
  ☆55Updated 5 years ago
• TomAPU / ThinkPHP-Unserialize-Collection
  ThinkPHP各版本反序列化利用代码
  ☆32Updated 4 years ago
• JulianWu520 / ysoserial-mangguogan
  ☆4Updated 4 years ago
• Afant1 / JavaSearchTools
  ☆61Updated 4 years ago
• bit4woo / secqa
  解答开发关于安全漏洞的常见问题
  ☆41Updated 4 years ago
• sry309 / jniwebshell
  ☆41Updated 5 years ago
• 0linlin0 / Java
  java
  ☆54Updated last year
• H3rmesk1t / Fastjson-Gadgets-Automatic-Scanner
  Automatically scan jar packages by using ast to find fastjson gadgets. In particular, this project is limited to mining Gadgets that may …
  ☆50Updated 2 years ago
• xhycccc / Shiro-Vuln-Demo
  Shiro漏洞实例源码
  ☆25Updated 3 years ago
• cckuailong / YarnRpcRCE
  ☆81Updated 2 years ago
• threedr3am / fastjson-blacklist
  打CTF实在厌倦了找利用链，就知道一个fastjson的版本，一堆依赖找啊找，头都疼。为了解决这个烦恼，用了卓卓师傅的fastjson黑名单工具和库，自己改造了一下。
  ☆32Updated 4 years ago
• iSafeBlue / redis-rce
  Redis RCE 的几种方法
  ☆90Updated 5 months ago
• SummerSec / BlogPapers
  <a href="sumsec.me"><img src="https://readme-typing-svg.demolab.com?font=Fira+Code&size=24&pause=1000&color=FDFDFD&background=13797800&ce…
  ☆53Updated this week
• HackJava / Spring
  《Spring漏洞研究》
  ☆44Updated 2 years ago
• bitterzzZZ / CVE-2021-43297-POC
  CVE-2021-43297 POC，Apache Dubbo<= 2.7.13时可以实现RCE
  ☆38Updated 2 years ago
• wuppp / releaseBehinderShell
  卸载冰蝎内存马
  ☆68Updated 3 years ago
• langligelang / maobugs
  java 漏洞平台包含各种CVE
  ☆23Updated 2 years ago
• ldbfpiaoran / springboot-acl-bypass
  springboot getRequestURI acl bypass
  ☆37Updated 4 years ago
• OneSourceCat / XxlJob-Hessian-RCE
  XxlJob<=2.1.2配置不当情况下反序列化RCE
  ☆70Updated 4 years ago
• 0xrumble / BytecodeScreen
  ☆51Updated 2 years ago
• longofo / Apache-Dubbo-Hessian2-CVE-2021-43297
  Apache Dubbo Hessian2 CVE-2021-43297 demo
  ☆46Updated 2 years ago
• SecCoder-Security-Lab / spring-cloud-netflix-hystrix-dashboard-cve-2021-22053
  Spring Cloud Netflix Hystrix Dashboard template resolution vulnerability CVE-2021-22053
  ☆37Updated last year
• xiaopan233 / Java_agent_without_file
  Java agent without file 无文件的Java agent
  ☆76Updated 2 years ago
• Y4er / javaagent-tomcat-memshell
  使用java agent反序列化注入内存shell
  ☆67Updated 4 years ago
• 1135 / Kong_exploit
  ☆41Updated 4 years ago
• Ant-FG-Lab / non_RCE
  ☆41Updated 3 years ago