An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions
☆122Jan 9, 2018Updated 8 years ago
Alternatives and similar repositories for jackson-rce-via-spel
Users that are interested in jackson-rce-via-spel are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans☆582Sep 7, 2021Updated 4 years ago
- ☆34Jul 17, 2019Updated 6 years ago
- CVE-2018-8021 Proof-Of-Concept and Exploit☆105Dec 3, 2018Updated 7 years ago
- Exploiting CVE-2017-7525 demo project with Angular7 frontend and Spring.☆18Feb 21, 2019Updated 7 years ago
- A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs☆55Mar 27, 2017Updated 9 years ago
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- A Java serializer in JavaScript☆81May 21, 2018Updated 8 years ago
- A static byte code analyzer for Java deserialization gadget research☆253Apr 17, 2017Updated 9 years ago
- ☆136Nov 6, 2015Updated 10 years ago
- ☆19Mar 27, 2020Updated 6 years ago
- Bypassing disabled exec functions in PHP (c) CRLF☆405Oct 2, 2020Updated 5 years ago
- Struts2の脆弱性S2-045, S2-055 および Jackson の脆弱性 CVE-2017-7525, CVE-2017-15095 の調査報告☆107Dec 13, 2017Updated 8 years ago
- Native Java serialization filter blacklist for common gadgets☆20Sep 12, 2019Updated 6 years ago
- ☆72Nov 20, 2017Updated 8 years ago
- RCE on Apache Solr using deserialization of untrusted data via jmx.serviceUrl☆210Mar 10, 2019Updated 7 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 10 years ago
- Confluence Widget Connector RCE☆39Apr 10, 2019Updated 7 years ago
- A fake JDBC driver that allows OS command execution.☆126Oct 2, 2022Updated 3 years ago
- Spring messaging STOMP protocol RCE☆113Apr 12, 2018Updated 8 years ago
- Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!