irsl / jackson-rce-via-spel
An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions
☆124 Jan 9, 2018 Updated 8 years ago
Alternatives and similar repositories for jackson-rce-via-spel
Users that are interested in jackson-rce-via-spel are comparing it to the libraries listed below
- Automatically identify deserialisation issues in Java and .NET applications by using active and passive scans ☆584 Sep 7, 2021 Updated 4 years ago
- CVE-2018-8021 Proof-Of-Concept and Exploit ☆106 Dec 3, 2018 Updated 7 years ago
- A Java serializer in JavaScript ☆81 May 21, 2018 Updated 7 years ago
- ☆34 Jul 17, 2019 Updated 6 years ago
- Bypassing disabled exec functions in PHP (c) CRLF ☆406 Oct 2, 2020 Updated 5 years ago
- RCE on Apache Solr using deserialization of untrusted data via jmx.serviceUrl ☆210 Mar 10, 2019 Updated 6 years ago
- Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream! ☆297 Jun 10, 2019 Updated 6 years ago
- ☆133 Nov 6, 2015 Updated 10 years ago
- Native Java serialization filter blacklist for common gadgets ☆20 Sep 12, 2019 Updated 6 years ago
- JRE8u20_RCE_Gadget ☆255 Jul 1, 2016 Updated 9 years ago
- Confluence Widget Connector RCE ☆39 Apr 10, 2019 Updated 6 years ago
- Exploiting CVE-2017-7525 demo project with Angular7 frontend and Spring. ☆18 Feb 21, 2019 Updated 6 years ago
- A static byte code analyzer for Java deserialization gadget research ☆252 Apr 17, 2017 Updated 8 years ago
- A fake JDBC driver that allows OS command execution. ☆125 Oct 2, 2022 Updated 3 years ago
- A proof of concept that demonstrates asynchronous scanning for Java deserialization bugs ☆55 Mar 27, 2017 Updated 8 years ago
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths. ☆613 Mar 4, 2021 Updated 4 years ago
- cve-2018-2894, an exploitation method different from other people's. ☆15 Dec 1, 2025 Updated 2 months ago
- ☆72 Nov 20, 2017 Updated 8 years ago
- ☆41 Nov 9, 2018 Updated 7 years ago
- JNDI Attacking Tool ☆246 Jul 11, 2022 Updated 3 years ago
- ☆14 Apr 23, 2019 Updated 6 years ago
- PoC for CVE-2018-15133 (Laravel unserialize vulnerability) ☆258 Mar 10, 2024 Updated last year
- Apache Solr Injection Research ☆579 Jan 28, 2020 Updated 6 years ago
- Investigation report on the Struts2 vulnerabilities S2-045, S2-055 and the Jackson vulnerabilities CVE-2017-7525, CVE-2017-15095 ☆107 Dec 13, 2017 Updated 8 years ago
- Java RMI enumeration and attack tool. ☆745 Sep 28, 2017 Updated 8 years ago
- QAQ Just study unserialize vulnerabilities in Java :) ☆196 Aug 22, 2018 Updated 7 years ago
- This tool is designed to simplify and automate the extraction and organization of useful data from Cobalt Strike logs. ☆18 Apr 24, 2019 Updated 6 years ago
- This repo has been migrated to https://github.com/github/security-lab/tree/master/SecurityExploits ☆252 Nov 5, 2019 Updated 6 years ago
- Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (… ☆316 Apr 1, 2019 Updated 6 years ago
- Learn how to get a reverse shell from JIRA application server ☆24 Dec 2, 2018 Updated 7 years ago
- ☆153 Jun 24, 2019 Updated 6 years ago
- Multi-language web CGI interfaces exploits. ☆399 Aug 22, 2022 Updated 3 years ago
- Collection of bypass gadgets to extend and wrap ysoserial payloads ☆386 Apr 16, 2022 Updated 3 years ago
- ☆17 Oct 25, 2018 Updated 7 years ago
- Java-Web-Security - Developing secure web applications with Java ☆220 Updated this week
- A collection of curated Java Deserialization Exploits ☆592 May 16, 2021 Updated 4 years ago
- Java Agent which mitigates deserialisation attacks by making certain classes unserializable ☆191 May 17, 2016 Updated 9 years ago
- Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510) ☆364 Jan 11, 2020 Updated 6 years ago
- Spring messaging STOMP protocol RCE ☆113 Apr 12, 2018 Updated 7 years ago