An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions
☆124 · Jan 9, 2018 · Updated 8 years ago
Alternatives and similar repositories for jackson-rce-via-spel
Users that are interested in jackson-rce-via-spel are comparing it to the libraries listed below.
- Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans ☆583 · Sep 7, 2021 · Updated 4 years ago
- ☆34 · Jul 17, 2019 · Updated 6 years ago
- CVE-2018-8021 Proof-Of-Concept and Exploit ☆106 · Dec 3, 2018 · Updated 7 years ago
- Exploiting CVE-2017-7525 demo project with Angular7 frontend and Spring. ☆18 · Feb 21, 2019 · Updated 7 years ago
- A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs ☆55 · Mar 27, 2017 · Updated 9 years ago
- A Java serializer in JavaScript ☆80 · May 21, 2018 · Updated 7 years ago
- A static byte code analyzer for Java deserialization gadget research ☆251 · Apr 17, 2017 · Updated 8 years ago
- ☆133 · Nov 6, 2015 · Updated 10 years ago
- ☆19 · Mar 27, 2020 · Updated 6 years ago
- Bypassing disabled exec functions in PHP (c) CRLF ☆405 · Oct 2, 2020 · Updated 5 years ago
- Investigation report on Struts2 vulnerabilities S2-045 and S2-055 and Jackson vulnerabilities CVE-2017-7525 and CVE-2017-15095 ☆107 · Dec 13, 2017 · Updated 8 years ago
- Native Java serialization filter blacklist for common gadgets ☆20 · Sep 12, 2019 · Updated 6 years ago
- ☆72 · Nov 20, 2017 · Updated 8 years ago
- RCE on Apache Solr using deserialization of untrusted data via jmx.serviceUrl ☆210 · Mar 10, 2019 · Updated 7 years ago
- JRE8u20_RCE_Gadget ☆255 · Jul 1, 2016 · Updated 9 years ago
- Confluence Widget Connector RCE ☆39 · Apr 10, 2019 · Updated 6 years ago
- A fake JDBC driver that allows OS command execution. ☆125 · Oct 2, 2022 · Updated 3 years ago
- Spring messaging STOMP protocol RCE ☆113 · Apr 12, 2018 · Updated 7 years ago
- Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream! ☆298 · Jun 10, 2019 · Updated 6 years ago
- Java RMI enumeration and attack tool. ☆745 · Sep 28, 2017 · Updated 8 years ago
- JNDI Attacking Tool ☆246 · Jul 11, 2022 · Updated 3 years ago
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths. ☆612 · Mar 4, 2021 · Updated 5 years ago
- PoC for CVE-2018-15133 (Laravel unserialize vulnerability) ☆260 · Mar 10, 2024 · Updated 2 years ago
- Learn how to get a reverse shell from JIRA application server ☆24 · Dec 2, 2018 · Updated 7 years ago
- This repo has been migrated to https://github.com/github/security-lab/tree/master/SecurityExploits ☆253 · Nov 5, 2019 · Updated 6 years ago
- Jackson Rce For CVE-2019-12384 ☆102 · Jul 24, 2019 · Updated 6 years ago
- Apache Solr Injection Research ☆580 · Jan 28, 2020 · Updated 6 years ago
- ☆41 · Nov 9, 2018 · Updated 7 years ago
- Multi-language web CGI interfaces exploits. ☆399 · Aug 22, 2022 · Updated 3 years ago
- Several bypasses for CVE-2020-15148 (yii2 deserialization) ☆75 · Sep 21, 2020 · Updated 5 years ago
- Exploit PoC for Spring RCE issue (CVE-2011-2894) ☆44 · Dec 17, 2023 · Updated 2 years ago
- Collection of bypass gadgets to extend and wrap ysoserial payloads ☆387 · Apr 16, 2022 · Updated 3 years ago
- Burp extension to detect alias traversal via NGINX misconfiguration at scale. ☆265 · Nov 18, 2021 · Updated 4 years ago
- Mogwai Java Management Extensions (JMX) Exploitation Toolkit ☆174 · Jul 21, 2016 · Updated 9 years ago
- A collection of curated Java Deserialization Exploits ☆591 · May 16, 2021 · Updated 4 years ago
- Web Server that serves a single file and keeps the connection open until user releases it. ☆74 · Nov 27, 2013 · Updated 12 years ago
- Java deserialization exploitation lab. ☆236 · Mar 1, 2019 · Updated 7 years ago
- Exploit for Adobe Coldfusion BlazeDS Java Object Deserialization RCE ☆11 · Feb 7, 2018 · Updated 8 years ago
- PoCs and exploits for various vulnerabilities, collected or written ☆32 · Jun 24, 2016 · Updated 9 years ago