mogwailabs / deserialization-filter-blacklistsLinks
Native Java serialization filter blacklist for common gadgets
☆20Updated 5 years ago
Alternatives and similar repositories for deserialization-filter-blacklists
Users that are interested in deserialization-filter-blacklists are comparing it to the libraries listed below
Sorting:
- POC for leaking java version through file and ftp protocols☆24Updated 4 years ago
- Spring Boot Actuator + Spring Cloud Vul Env☆19Updated 5 years ago
- ☆1Updated 6 years ago
- FasterXML/jackson-databind 远程代码执行漏洞☆74Updated 5 years ago
- Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"☆100Updated 5 years ago
- 总结了一下2019年在JVM环境中使用XXE攻击的知识☆57Updated 5 years ago
- ☆28Updated 5 years ago
- Papers☆34Updated 5 years ago
- ☆58Updated 5 years ago
- kibana < 6.6.0 未授权远程代码命令执行 (Need Timelion And Canvas),CVE-2019-7609☆89Updated 5 years ago
- Some debug notes and exploit(not blind)☆40Updated 6 years ago
- CVE-2020-5398 - RFD(Reflected File Download) Attack for Spring MVC☆86Updated 2 years ago
- 针对域名/页面的接口爬取,递归模式入库☆22Updated 5 years ago
- Apache Log4j 1.2.X存在反序列化远程代码执行漏洞☆78Updated 5 years ago
- a Burp Extender that add an random X-Forward-For IP address for each request☆31Updated 8 years ago
- fastjson-1.2.61-RCE☆33Updated 5 years ago
- 几条关于CVE-2020-15148(yii2反序列化)的绕过☆75Updated 4 years ago
- Java 反序列化学习的实验代码 Java_deserialize_vuln_lab☆87Updated 6 years ago
- ☆18Updated 7 years ago
- Zimbra XXE+SSRF+UPLOAD Poc☆59Updated 6 years ago
- ☆18Updated 7 years ago
- A fastjson payload generator☆58Updated 4 years ago
- ☆15Updated 2 years ago
- Nagios XI远程命令执行漏洞 <v5.6.9☆23Updated 5 years ago
- Dependencies with Log4j2 Checklist☆35Updated 3 years ago
- ☆14Updated 7 years ago
- 漏洞测试环境 - 方便写扫描器利用复现☆27Updated 5 years ago
- Java After-Deserialization Attack☆79Updated 4 years ago
- autoType enable☆36Updated 5 years ago
- Shiro_721 exp 纯手工实现Padding Oracle整个过程☆67Updated 5 years ago