mogwailabs / rmi-deserializationLinks
Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"
☆100Updated 5 years ago
Alternatives and similar repositories for rmi-deserialization
Users that are interested in rmi-deserialization are comparing it to the libraries listed below
Sorting:
- A vulnerable application exposing Spring Boot Actuators☆122Updated 6 years ago
- ☆111Updated 5 years ago
- ☆71Updated 2 years ago
- Apache Tomcat + MongoDB Remote Code Execution☆114Updated 4 years ago
- Exploitation Tool for CVE-2017-3066 targeting Adobe Coldfusion 11/12☆95Updated 2 years ago
- Web Server that serves a single file and keeps the connection open until user releases it.☆73Updated 11 years ago
- kibana < 6.6.0 未授权远程代码命令执行 (Need Timelion And Canvas),CVE-2019-7609☆89Updated 5 years ago
- bypass JEP290 RaspHook code☆62Updated 4 years ago
- Native Java-based deserialization exploit for WebLogic T3 (and T3S) listeners.☆35Updated 5 years ago
- ☆58Updated 5 years ago
- GreHack 2021 CodeQL for Java workshop☆75Updated 3 years ago
- fastjson-1.2.47☆66Updated 5 years ago
- GitLab 11.4.7 SSRF配合redis远程执行代码☆123Updated 6 years ago
- Sample Spring Boot App Demonstrating RCE via Exposed env Actuator and H2 Database☆106Updated 5 years ago
- https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet☆50Updated 3 years ago
- Native Java serialization filter blacklist for common gadgets☆20Updated 5 years ago
- JRE8u20_RCE_Gadget☆251Updated 8 years ago
- exploit Apache Flink Web Dashboard unauth rce on right way by python2 scripts☆91Updated 5 years ago
- 知识星球《漏洞百出》最新 20条 Topic☆113Updated 3 years ago
- Java After-Deserialization Attack☆79Updated 4 years ago
- ☆78Updated 4 years ago
- Zimbra XXE+SSRF+UPLOAD Poc☆59Updated 5 years ago
- cve-2020-0688☆163Updated 5 years ago
- poison and relay NTLM credentials☆175Updated 6 years ago
- Apache Solr DataImport Handler RCE☆91Updated 5 years ago
- Apache Solr RCE via Velocity template☆112Updated 5 years ago
- Java 反序列化学习的实验代码 Java_deserialize_vuln_lab☆87Updated 6 years ago
- CVE-2020-36179~82 Jackson-databind SSRF&RCE☆81Updated 4 years ago
- CVE-2019-11580 Atlassian Crowd and Crowd Data Center RCE☆106Updated 5 years ago
- A fake JDBC driver that allows OS command execution.☆124Updated 2 years ago