p1n93r/SpringBootAdmin-thymeleaf-SSTI external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

p1n93r/SpringBootAdmin-thymeleaf-SSTI

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/p1n93r/SpringBootAdmin-thymeleaf-SSTI)

Close

p1n93r / SpringBootAdmin-thymeleaf-SSTIView on GitHubMore

• External links
• Readme badge

SpringBootAdmin-thymeleaf-SSTI which can cause RCE

☆86Jul 18, 2023Updated 2 years ago

Alternatives and similar repositories for SpringBootAdmin-thymeleaf-SSTI

Users that are interested in SpringBootAdmin-thymeleaf-SSTI are comparing it to the libraries listed below

• flowerwind / AutoGenerateXalanPayload

  View on GitHub
  cve-2022-34169 延伸出的Jdk Xalan的payload自动生成工具，可根据不同的Jdk生成出其所对应的xslt文件
  ☆93Jan 17, 2023Updated 3 years ago
• Y4Sec-Team / mysql-jdbc-tricks

  View on GitHub
  JDBC Attack Tricks
  ☆154Sep 3, 2023Updated 2 years ago
• lz2y / DubboPOC

  View on GitHub
  Apache Dubbo漏洞测试Demo及其POC
  ☆65Mar 27, 2023Updated 2 years ago
• kezibei / fastjson_payload

  View on GitHub
  ☆239Updated this week
• kyo-w / router-router

  View on GitHub
  Java web路由内存分析工具
  ☆437May 22, 2025Updated 9 months ago
• luelueking / Deserial_Sink_With_JDBC

  View on GitHub
  Some ReadObject Sink With JDBC
  ☆243May 8, 2024Updated last year
• whocansee / FilelessAgentMemShell

  View on GitHub
  无需文件落地Agent内存马生成器
  ☆249May 30, 2024Updated last year
• 1ucky7 / MySQL_Fake_Server_for_woodpecker_yso

  View on GitHub
  MySQL_Fake_Server-啄木鸟yso适配版
  ☆45Sep 20, 2024Updated last year
• Esonhugh / yapi-rce-webshell

  View on GitHub
  Yapi mock script RCE another version. Webshell way. 另一种 Webshell 方式的 Yapi 命令执行的方法 相比于其他的利用方式 更加微操和可控 影响更小
  ☆66Jul 4, 2024Updated last year
• pen4uin / java-echo-generator

  View on GitHub
  一款支持自定义的 Java 回显载荷生成工具｜A customizable Java echo payload generation tool.
  ☆461Jan 12, 2025Updated last year
• luelueking / Bypass_JVM_Verifier

  View on GitHub
  Bypass JVM Class ByteCode Verifier , 对抗反编译器
  ☆116Sep 21, 2023Updated 2 years ago
• ax1sX / SpringSecurity

  View on GitHub
  A list for Spring Security
  ☆128Jan 16, 2024Updated 2 years ago
• sv3nbeast / DnslogCmdEcho

  View on GitHub
  命令执行不回显但DNS协议出网的命令回显场景解决方案
  ☆277Jan 10, 2023Updated 3 years ago
• luelueking / ClazzSearcher

  View on GitHub
  一款使用Yaml定义搜索规则来搜索Class的工具
  ☆108Aug 2, 2023Updated 2 years ago
• depycode / fastjson-local-echo

  View on GitHub
  基于dbcp的fastjson rce 回显
  ☆197Jun 28, 2021Updated 4 years ago
• Y4Sec-Team / no-templates

  View on GitHub
  如果反序列化过程中使用resolveClass拉黑了TemplatesImpl如何绕过
  ☆53Sep 10, 2023Updated 2 years ago
• corener / JavaPassDump

  View on GitHub
  JavaPassDump
  ☆272Jan 7, 2022Updated 4 years ago
• su18 / JDBC-Attack

  View on GitHub
  JDBC Connection URL Attack
  ☆440Sep 10, 2021Updated 4 years ago
• welk1n / FastjsonPocs

  View on GitHub
  一些结合第三方组件的Fastjson POC，在1.2.48以后版本中陆续被添加至黑名单。
  ☆56Oct 29, 2019Updated 6 years ago
• Hutt0n0 / ActiveMqRCE

  View on GitHub
  用java实现构造openwire协议，利用activeMQ < 5.18.3 RCE 回显利用 内存马注入
  ☆288Nov 20, 2023Updated 2 years ago
• Bl0omZ / JNDIEXP

  View on GitHub
  JNDI在java高版本的利用工具,FUZZ利用链
  ☆597Oct 8, 2022Updated 3 years ago
• luelueking / RuoYi-v4.7.8-RCE-POC

  View on GitHub
  ☆250Feb 25, 2024Updated 2 years ago
• LandGrey / spring-boot-upload-file-lead-to-rce-tricks

  View on GitHub
  spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
  ☆754Apr 14, 2021Updated 4 years ago
• Rvn0xsy / DumperAnalyze

  View on GitHub
  通过JavaAgent与Javassist技术对JVM加载的类对象进行动态插桩，可以做一些破解、加密验证的绕过等操作
  ☆116Jun 18, 2024Updated last year
• su18 / hack-fastjson-1.2.80

  View on GitHub
  ☆524Sep 16, 2022Updated 3 years ago
• BeichenDream / Chunk-Proxy

  View on GitHub
  ☆295May 7, 2022Updated 3 years ago
• TonyNPham / GodzillaPlugin-Suo5-MemProxy

  View on GitHub
  一款高性能 HTTP 内存代理 | 哥斯拉插件 | readteam | 红队 | 内存马 | Suo5 | Godzilla | 正向代理
  ☆288Aug 8, 2023Updated 2 years ago
• kezibei / Urldns

  View on GitHub
  ☆342Oct 11, 2025Updated 4 months ago
• Lonely-night / fastjsonVul

  View on GitHub
  fastjson 80 远程代码执行漏洞复现
  ☆199Sep 7, 2022Updated 3 years ago
• Whoopsunix / PPPYSO

  View on GitHub
  proof-of-concept for generating Java deserialization payload | Proxy MemShell
  ☆221Jun 8, 2024Updated last year
• cckuailong / JNDI-Injection-Exploit-Plus

  View on GitHub
  80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background serv…
  ☆866Jun 24, 2024Updated last year
• yzddmr6 / Java-Js-Engine-Payloads

  View on GitHub
  Java Js Engine Payloads All in one
  ☆289Aug 21, 2023Updated 2 years ago
• achuna33 / Memoryshell-JavaALL

  View on GitHub
  收集内存马打入方式
  ☆506May 20, 2022Updated 3 years ago
• threedr3am / jar-compatibility-detector

  View on GitHub
  安全升级jar包时，辅助检测Java Archive (JAR) 包之间兼容性，各类符号引用的存在检测，包括方法、方法签名、字段定义和引用、类引用等等
  ☆14Jul 7, 2024Updated last year
• rzte / agentcrack

  View on GitHub
  不那么一样的 Java Agent 内存马
  ☆289Nov 27, 2023Updated 2 years ago
• Ppsoft1991 / CodeReviewTools

  View on GitHub
  通过正则搜索、批量反编译特定Jar包中的class名称
  ☆320Dec 9, 2021Updated 4 years ago
• whami-root / SSLShell

  View on GitHub
  ☆24Jan 7, 2025Updated last year
• A-D-Team / attackRmi

  View on GitHub
  ☆232Jan 3, 2022Updated 4 years ago
• minhangxiaohui / JavaAgentMemshell

  View on GitHub
  JavaAgent内存马实现、检测、修复demo
  ☆11Dec 7, 2022Updated 3 years ago