POC for XStream RCE
☆13Dec 23, 2013Updated 12 years ago
Alternatives and similar repositories for XStreamPOC
Users that are interested in XStreamPOC are comparing it to the libraries listed below
Sorting:
- PoC for Scala and Groovy☆14Apr 4, 2016Updated 9 years ago
- java 漏洞平台包含各种CVE☆23Jun 17, 2022Updated 3 years ago
- CVE-2020-5902☆10Jul 11, 2020Updated 5 years ago
- Some PoC (Proof-of-Concept) about vulnerability of java deserialization of untrusted data☆26Jul 12, 2021Updated 4 years ago
- ☆13Feb 17, 2016Updated 10 years ago
- 一个简单的NIDS系统☆15May 17, 2017Updated 8 years ago
- CVE-2018-19276 - OpenMRS Insecure Object Deserialization RCE☆16Mar 11, 2019Updated 6 years ago
- 前端xss防火墙☆13Apr 3, 2017Updated 8 years ago
- Winning submission for the GitHub Security Lab CTF 4: CodeQL and Chill - The Java Edition☆19Jun 25, 2020Updated 5 years ago
- Exploit PoC for Spring RCE issue (CVE-2011-2894)☆44Dec 17, 2023Updated 2 years ago
- Payload generator for Java Binary Deserialization attack with Commons FileUpload (CVE-2013-2186)☆38Apr 14, 2016Updated 9 years ago
- Proof of concept showing how java byte code can be injected through InitialContext.lookup() calls☆42Jan 22, 2016Updated 10 years ago
- This is a Java program that exploits Spring Break vulnerability (CVE-2017-8046).☆17Jun 4, 2021Updated 4 years ago
- ☆16Jul 25, 2023Updated 2 years ago
- --= Xt9 - Anti - Rootkit =-- beta v0.11 by xti9er☆15Dec 16, 2020Updated 5 years ago
- CVE-2017-10271 POC☆29Jan 10, 2018Updated 8 years ago
- Repository to hold materials for DefCon_RESTing presentation by Dinis, Abe and Alvaro☆53Aug 5, 2013Updated 12 years ago
- CVE-2018-6574 POC : golang 'go get' remote command execution during source code build☆24Jan 14, 2022Updated 4 years ago
- A collection of published exploits and proof-of-concept code.☆21Dec 19, 2017Updated 8 years ago
- fastjson auto type derivation search☆21Aug 19, 2021Updated 4 years ago
- Declarative syntax for defining sets of URLs. No need for error-prone regexs.☆20Apr 24, 2019Updated 6 years ago
- Collection of bypass gadgets to extend and wrap ysoserial payloads☆387Apr 16, 2022Updated 3 years ago
- CVE-2017-10366: Oracle PeopleSoft 8.54, 8.55, 8.56 Java deserialization exploit☆25Sep 4, 2018Updated 7 years ago
- 一个专门用于开发安全工具的HTTP类库.☆22Dec 5, 2019Updated 6 years ago
- A static byte code analyzer for Java deserialization gadget research☆252Apr 17, 2017Updated 8 years ago
- xss payloads generator☆25Mar 1, 2019Updated 7 years ago
- shiro反序列化检测(只是个玩具23333)☆10Jan 16, 2024Updated 2 years ago
- ☆23Jun 2, 2017Updated 8 years ago
- 用于快速探测未授权MongoDB数据库结构,取第一条内容,并统计数据数量。A tool for unauthorized MongoDB database , take the first content, and the number of statistical da…☆26Dec 5, 2016Updated 9 years ago
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- 修改htcap的数据库为mysql☆24Jul 9, 2017Updated 8 years ago
- bypass JEP290 RaspHook code☆63Sep 21, 2020Updated 5 years ago
- Access the process event connector in linux kernels from Python.☆27Oct 21, 2021Updated 4 years ago
- Web Server that serves a single file and keeps the connection open until user releases it.☆73Nov 27, 2013Updated 12 years ago
- Proof of concept exploit, showing how to do bytecode injection through untrusted deserialization with Spring Framework 4.2.4☆116May 17, 2019Updated 6 years ago
- A vulnerable application exposing Spring Boot Actuators☆123Feb 25, 2019Updated 7 years ago
- Python script to exploit CVE-2015-4852.☆31Jul 20, 2016Updated 9 years ago
- ☆28Oct 16, 2017Updated 8 years ago
- CVE-2019-3799 - Spring Cloud Config Server: Directory Traversal < 2.1.2, 2.0.4, 1.4.6☆31Apr 18, 2019Updated 6 years ago