mogwailabs / rmi-deserializationLinks
Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"
☆100Updated 5 years ago
Alternatives and similar repositories for rmi-deserialization
Users that are interested in rmi-deserialization are comparing it to the libraries listed below
Sorting:
- ☆111Updated 5 years ago
- Apache Tomcat + MongoDB Remote Code Execution☆114Updated 4 years ago
- Native Java-based deserialization exploit for WebLogic T3 (and T3S) listeners.☆35Updated 5 years ago
- A vulnerable application exposing Spring Boot Actuators☆122Updated 6 years ago
- kibana < 6.6.0 未授权远程代码命令执行 (Need Timelion And Canvas),CVE-2019-7609☆89Updated 5 years ago
- ☆58Updated 5 years ago
- fastjson-1.2.47☆66Updated 5 years ago
- Web Server that serves a single file and keeps the connection open until user releases it.☆73Updated 11 years ago
- ☆78Updated 4 years ago
- ☆71Updated 3 years ago
- Zimbra XXE+SSRF+UPLOAD Poc☆59Updated 5 years ago
- Exploitation Tool for CVE-2017-3066 targeting Adobe Coldfusion 11/12☆95Updated 2 years ago
- Apache Solr RCE (ENABLE_REMOTE_JMX_OPTS="true")☆102Updated 5 years ago
- django 漏洞:CVE-2020-7471 Potential SQL injection via StringAgg(delimiter) 的漏洞环境和 POC☆104Updated 5 years ago
- cve-2020-0688☆163Updated 5 years ago
- Apache Solr DataImport Handler RCE☆91Updated 5 years ago
- GreHack 2021 CodeQL for Java workshop☆75Updated 3 years ago
- java xxe defense demo☆48Updated 5 years ago
- FasterXML/jackson-databind 远程代码执行漏洞☆74Updated 5 years ago
- 🐱💻 Poc of CVE-2019-7238 - Nexus Repository Manager 3 Remote Code Execution 🐱💻☆151Updated 6 years ago
- Java After-Deserialization Attack☆79Updated 4 years ago
- ☆85Updated 5 years ago
- X41 BeanStack - Stack Trace Fingerprinting BETA☆52Updated 4 years ago
- Weblogic CVE-2020-14645 UniversalExtractor JNDI injection getDatabaseMetaData()☆80Updated 4 years ago
- A fake JDBC driver that allows OS command execution.☆125Updated 2 years ago
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet☆50Updated 3 years ago
- CVE-2018-8021 Proof-Of-Concept and Exploit☆106Updated 6 years ago
- bypass JEP290 RaspHook code☆62Updated 4 years ago
- ☆27Updated 4 years ago
- Nexus Repository Manager 3 Remote Code Execution without authentication < 3.15.0☆82Updated 5 years ago