SpringBootAdmin-thymeleaf-SSTI which can cause RCE
☆87Jul 18, 2023Updated 2 years ago
Alternatives and similar repositories for SpringBootAdmin-thymeleaf-SSTI
Users that are interested in SpringBootAdmin-thymeleaf-SSTI are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- cve-2022-34169 延伸出的Jdk Xalan的payload自动生成工具,可根据不同的Jdk生成出其所对应的xslt文件☆93Jan 17, 2023Updated 3 years ago
- JDBC Attack Tricks☆154Sep 3, 2023Updated 2 years ago
- Java web路由内存分析工具☆439May 22, 2025Updated 10 months ago
- Some ReadObject Sink With JDBC☆245May 8, 2024Updated last year
- 如果反序列化过程中使用resolveClass拉黑了TemplatesImpl如何绕过☆53Sep 10, 2023Updated 2 years ago
- End-to-end encrypted email - Proton Mail • AdSpecial offer: 40% Off Yearly / 80% Off First Month. All Proton services are open source and independently audited for security.
- ☆244Feb 28, 2026Updated last month
- Apache Dubbo漏洞测试Demo及其POC☆64Mar 27, 2023Updated 3 years ago
- 一些结合第三方组件的Fastjson POC,在1.2.48以后版本中陆续被添加至黑名单。☆56Oct 29, 2019Updated 6 years ago
- 无需文件落地Agent内存马生成器☆249May 30, 2024Updated last year
- 一款支持自定义的 Java 回显载荷生成工具|A customizable Java echo payload generation tool.☆462Jan 12, 2025Updated last year
- 通过JavaAgent与Javassist技术对JVM加载的类对象进行动态插桩,可以做一些破解、加密验证的绕过等操作☆118Jun 18, 2024Updated last year
- Yapi mock script RCE another version. Webshell way. 另一种 Webshell 方式的 Yapi 命令执行的方法 相比于其他的利用方式 更加微操和可控 影响更小☆66Jul 4, 2024Updated last year
- MySQL_Fake_Server-啄木鸟yso适配版☆45Sep 20, 2024Updated last year
- Bypass JVM Class ByteCode Verifier , 对抗反编译器☆116Sep 21, 2023Updated 2 years ago
- DigitalOcean Gradient AI Platform • AdBuild production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
- A list for Spring Security☆128Jan 16, 2024Updated 2 years ago
- 命令执行不回显但DNS协议出网的命令回显场景解决方案☆277Jan 10, 2023Updated 3 years ago
- 一款使用Yaml定义搜索规则来搜索Class的工具☆109Aug 2, 2023Updated 2 years ago
- 基于dbcp的fastjson rce 回显☆197Jun 28, 2021Updated 4 years ago
- JDBC Connection URL Attack☆443Sep 10, 2021Updated 4 years ago
- ☆343Mar 6, 2026Updated last month
- 80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background serv…☆873Jun 24, 2024Updated last year
- JavaPassDump☆275Jan 7, 2022Updated 4 years ago
- ☆525Sep 16, 2022Updated 3 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting with the flexibility to host WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Cloudways by DigitalOcean.
- spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧☆754Apr 14, 2021Updated 4 years ago
- ☆24Jan 7, 2025Updated last year
- 用java实现构造openwire协议,利用activeMQ < 5.18.3 RCE 回显利用 内存马注入☆288Nov 20, 2023Updated 2 years ago
- JNDI在java高版本的利用工具,FUZZ利用链☆600Oct 8, 2022Updated 3 years ago
- ☆296May 7, 2022Updated 3 years ago
- 通过正则搜索、批量反编译特定Jar包中的class名称☆321Dec 9, 2021Updated 4 years ago
- 抽离出 utf-8-overlong-encoding 的序列化逻辑,实现 2 3 字节加密序列化数组☆140Mar 11, 2024Updated 2 years ago
- fastjson 80 远程代码执行漏洞复现☆199Sep 7, 2022Updated 3 years ago
- ☆253Feb 25, 2024Updated 2 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
- 一款高性能 HTTP 内存代理 | 哥斯拉插件 | readteam | 红队 | 内存马 | Suo5 | Godzilla | 正向代理☆288Aug 8, 2023Updated 2 years ago
- 用友 nc 系列密码解密☆62Apr 7, 2023Updated 3 years ago
- 之前方便自己研究RASP原理和绕过时顺手写的,用于快速启动和重置RASP环境☆72Oct 13, 2024Updated last year
- ☆232Jan 3, 2022Updated 4 years ago
- ☆147Jan 16, 2023Updated 3 years ago
- 不那么一样的 Java Agent 内存马☆289Nov 27, 2023Updated 2 years ago
- 纯 Java 实现的 MySQL Fake Server | 支持 GUI 版和命令行版 | 支持反序列化和文件读取的利用方式 | 支持常见的 GADGET 和自定义 GADGET 数据 | 根据目标环境自动生成匹配的 PAYLOAD | 支持 PGSQL 和 DERBY …☆825Sep 18, 2023Updated 2 years ago