RCE on Rails 5.2.2 using a path traversal (CVE-2019-5418) and a deserialization of Ruby objects (CVE-2019-5420)
☆133Jan 19, 2023Updated 3 years ago
Alternatives and similar repositories for Rails-doubletap-RCE
Users that are interested in Rails-doubletap-RCE are comparing it to the libraries listed below
- CVE-2019-5418 - File Content Disclosure on Ruby on Rails☆201Apr 5, 2021Updated 4 years ago
- A multi-threaded Golang scanner to identify Ruby endpoints vulnerable to CVE-2019-5418☆35Mar 21, 2019Updated 6 years ago
- CVE-2018-19276 - OpenMRS Insecure Object Deserialization RCE☆16Mar 11, 2019Updated 6 years ago
- There is no pre-auth RCE in Jenkins since May 2017, but this is the one!☆607May 17, 2019Updated 6 years ago
- ☆34Jul 17, 2019Updated 6 years ago
- CVE-2018-16341 - Nuxeo Remote Code Execution without authentication using Server Side Template Injection☆24Jun 5, 2019Updated 6 years ago
- RCE on Apache Solr using deserialization of untrusted data via jmx.serviceUrl☆210Mar 10, 2019Updated 6 years ago
- Apache Solr Injection Research☆579Jan 28, 2020Updated 6 years ago
- CVE-2019-6340-Drupal SA-CORE-2019-003☆32Feb 24, 2019Updated 7 years ago
- Apache Solr DataImport Handler RCE☆91Aug 12, 2019Updated 6 years ago
- PoC for CVE-2018-1002105.☆222Dec 21, 2018Updated 7 years ago
- Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510)☆364Jan 11, 2020Updated 6 years ago
- CVE-2018-6574 POC : golang 'go get' remote command execution during source code build☆24Jan 14, 2022Updated 4 years ago
- exploit for ImageMagick's uninitialized memory disclosure in gif coder☆284Jul 22, 2017Updated 8 years ago
- ecshop rce getshell☆31Dec 5, 2018Updated 7 years ago
- CVE-2019-11580 Atlassian Crowd and Crowd Data Center RCE☆106Jul 18, 2019Updated 6 years ago
- Jenkins RCE PoC. From unauthenticated user to remote code execution, it's a hacker's dream!☆297Jun 10, 2019Updated 6 years ago
- CVE-2018-13379☆254Aug 14, 2019Updated 6 years ago
- Jenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (…☆316Apr 1, 2019Updated 6 years ago
- Flash hijacking toolkit: CSRF, hijacking, redirects, swf. Open an issue if you have a request. SRC bug hunting, response hijacking☆86Nov 9, 2019Updated 6 years ago
- SAP Gateway RCE exploits☆158Sep 7, 2020Updated 5 years ago
- CVE-2018-8021 Proof-Of-Concept and Exploit☆106Dec 3, 2018Updated 7 years ago
- A tool to bruteforce nameservers when working with subdomain delegations to AWS.☆58Aug 22, 2019Updated 6 years ago
- CatchMail can be used to find some email addresses!☆73May 22, 2023Updated 2 years ago
- Broken Link Hijacking Burp Extension☆57Sep 13, 2019Updated 6 years ago
- Pulse Secure SSL VPN pre-auth file reading☆50Aug 26, 2019Updated 6 years ago
- CVE-2020-8163 - Remote code execution of user-provided local names in Rails☆61Dec 14, 2022Updated 3 years ago
- An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions☆124Jan 9, 2018Updated 8 years ago
- PoC for Privilege Escalation in Windows 10 Diagnostics Hub Standard Collector Service☆111Aug 21, 2018Updated 7 years ago
- Fetch known urls from AlienVault's Open Threat Exchange for given hosts☆63Jul 22, 2019Updated 6 years ago
- All about CVE-2018-14667; From what it is to how to successfully exploit it.☆50Nov 30, 2018Updated 7 years ago
- CVE-2019-0604☆133Mar 22, 2019Updated 6 years ago
- Some of my exploits.☆600Feb 25, 2021Updated 5 years ago
- Learn how to get a reverse shell from JIRA application server☆24Dec 2, 2018Updated 7 years ago
- Hunting Bugs for Fun and Profit☆275Jul 29, 2020Updated 5 years ago
- Spring Boot Actuator (jolokia) XXE/RCE☆324Jun 16, 2020Updated 5 years ago
- WebLogic wls9-async deserialization remote command execution vulnerability☆240May 26, 2019Updated 6 years ago
- Use HTTP Smuggling Lab to learn HTTP Smuggling.☆346Nov 20, 2022Updated 3 years ago
- Shiro RCE (Padding Oracle Attack)☆148Nov 15, 2019Updated 6 years ago