POC for XStream RCE
☆13Dec 23, 2013Updated 12 years ago
Alternatives and similar repositories for XStreamPOC
Users that are interested in XStreamPOC are comparing it to the libraries listed below
Sorting:
- CVE-2020-5902☆10Jul 11, 2020Updated 5 years ago
- java 漏洞平台包含各种CVE☆23Jun 17, 2022Updated 3 years ago
- PoC for Scala and Groovy☆14Apr 4, 2016Updated 9 years ago
- Some PoC (Proof-of-Concept) about vulnerability of java deserialization of untrusted data☆26Jul 12, 2021Updated 4 years ago
- CVE-2018-19276 - OpenMRS Insecure Object Deserialization RCE☆16Mar 11, 2019Updated 7 years ago
- Exploit PoC for Spring RCE issue (CVE-2011-2894)☆44Dec 17, 2023Updated 2 years ago
- This is a Java program that exploits Spring Break vulnerability (CVE-2017-8046).☆17Jun 4, 2021Updated 4 years ago
- ☆13Feb 17, 2016Updated 10 years ago
- --= Xt9 - Anti - Rootkit =-- beta v0.11 by xti9er☆15Dec 16, 2020Updated 5 years ago
- Repository to hold materials for DefCon_RESTing presentation by Dinis, Abe and Alvaro☆53Aug 5, 2013Updated 12 years ago
- Payload generator for Java Binary Deserialization attack with Commons FileUpload (CVE-2013-2186)☆38Apr 14, 2016Updated 9 years ago
- Proof of concept showing how java byte code can be injected through InitialContext.lookup() calls☆42Jan 22, 2016Updated 10 years ago
- A collection of published exploits and proof-of-concept code.☆21Dec 19, 2017Updated 8 years ago
- Declarative syntax for defining sets of URLs. No need for error-prone regexs.☆20Apr 24, 2019Updated 6 years ago
- fastjson auto type derivation search☆21Aug 19, 2021Updated 4 years ago
- Collection of bypass gadgets to extend and wrap ysoserial payloads☆387Apr 16, 2022Updated 3 years ago
- 一个简单的NIDS系统☆15May 17, 2017Updated 8 years ago
- [CVE-2020-1948] Apache Dubbo Provider default deserialization cause RCE☆18Mar 17, 2025Updated last year
- 前端xss防火墙☆13Apr 3, 2017Updated 8 years ago
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- Web Server that serves a single file and keeps the connection open until user releases it.☆74Nov 27, 2013Updated 12 years ago
- Access the process event connector in linux kernels from Python.☆27Oct 21, 2021Updated 4 years ago
- Winning submission for the GitHub Security Lab CTF 4: CodeQL and Chill - The Java Edition☆19Jun 25, 2020Updated 5 years ago
- A walkthrough of security controls for a serverless architecture via a demo application☆11May 11, 2022Updated 3 years ago
- ☆16Jul 25, 2023Updated 2 years ago
- CVE-2017-10366: Oracle PeopleSoft 8.54, 8.55, 8.56 Java deserialization exploit☆25Sep 4, 2018Updated 7 years ago
- A static byte code analyzer for Java deserialization gadget research☆251Apr 17, 2017Updated 8 years ago
- bypass JEP290 RaspHook code☆63Sep 21, 2020Updated 5 years ago
- PoC of CVE-2020-0108☆11Aug 5, 2020Updated 5 years ago
- CVE-2018-6574 POC : golang 'go get' remote command execution during source code build☆24Jan 14, 2022Updated 4 years ago
- ☆28Oct 16, 2017Updated 8 years ago
- Repository to host scripts discussed in https://www.notsosecure.com/crafting-way-json-web-tokens/☆15Aug 4, 2018Updated 7 years ago
- CVE-2017-10271 POC☆29Jan 10, 2018Updated 8 years ago
- ☆11Mar 19, 2022Updated 4 years ago
- S2-055的环境,基于rest-show-case改造☆37Dec 7, 2017Updated 8 years ago
- Jboss Java Deserialization RCE (CVE-2017-12149)☆13Aug 22, 2019Updated 6 years ago
- shiro反序列化检测(只是个玩具23333)☆10Jan 16, 2024Updated 2 years ago
- WARNING: This is a vulnerable application to test the exploit for the Spring Break vulnerability (CVE-2017-8046). Run it at your own risk…☆14Oct 8, 2018Updated 7 years ago
- ☆14Sep 30, 2020Updated 5 years ago