Sample Spring Boot App Demonstrating RCE via Exposed env Actuator and H2 Database
☆108Jan 26, 2020Updated 6 years ago
Alternatives and similar repositories for spring-boot-actuator-h2-rce
Users that are interested in spring-boot-actuator-h2-rce are comparing it to the libraries listed below
Sorting:
- Redis RCE 的几种方法☆90Jun 5, 2024Updated last year
- jolokia-exploitation-toolkit☆311Dec 19, 2024Updated last year
- A vulnerable application exposing Spring Boot Actuators☆123Feb 25, 2019Updated 7 years ago
- A wrapper around jq, to help you parse jq output!☆30Aug 23, 2020Updated 5 years ago
- SQL Server Reporting Services(CVE-2020-0618)中的RCE☆198Feb 15, 2020Updated 6 years ago
- -☆11Nov 21, 2020Updated 5 years ago
- Read Navicat 12 Password☆19Jun 7, 2020Updated 5 years ago
- ☆423Jan 5, 2022Updated 4 years ago
- LANGZI_SRC_安全巡航 是一款集成漏扫,验证,资产监控,自动复现并且生成结果表报的工具,实现初衷是为了帮助白帽子在SRC中节约时间成本的自动化工具。☆14Jul 7, 2019Updated 6 years ago
- Retrieve the complete build history for every job ever created and executed on a given Jenkins instance.☆67Apr 25, 2025Updated 10 months ago
- List of special metadata IPs used in cloud services☆11Aug 9, 2019Updated 6 years ago
- Keep track of changes in website with WEBSY☆35May 22, 2023Updated 2 years ago
- There is no pre-auth RCE in Jenkins since May 2017, but this is the one!☆607May 17, 2019Updated 6 years ago
- SSRF to TCP Port Scanning, Banner and Private IP Disclosure by abusing the FTP protocol/clients☆70Jul 29, 2021Updated 4 years ago
- woodpecker框架专用bcel库☆12Apr 30, 2021Updated 4 years ago
- Some payloads of JNDI Injection in JDK 1.8.0_191+☆484Dec 9, 2020Updated 5 years ago
- 跟.net相关的学习☆88Jun 24, 2024Updated last year
- Smart ssrf scanner using different methods like parameter brute forcing in post and get...☆279Feb 11, 2021Updated 5 years ago
- Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.☆612Mar 4, 2021Updated 5 years ago
- Burp Suite extension for parsing Swagger web service definition files☆19Jul 15, 2025Updated 8 months ago
- A tool to embed XXE and XSS payloads in docx, odt, pptx, xlsx files (oxml_xxe on steroids)☆679Jan 28, 2024Updated 2 years ago
- Apache Solr Injection Research☆580Jan 28, 2020Updated 6 years ago
- 泛微ecology OA系统接口存在数据库配置信息泄露漏洞☆50Jul 13, 2020Updated 5 years ago
- CobaltStrike Extentions☆40Oct 24, 2021Updated 4 years ago
- Use HTTP Smuggling Lab to learn HTTP Smuggling.☆346Nov 20, 2022Updated 3 years ago
- websocket-connection-smuggler☆66Jan 22, 2020Updated 6 years ago
- A byte code analyzer for finding deserialization gadget chains in Java applications☆1,080Jun 15, 2021Updated 4 years ago
- ☆13Feb 9, 2022Updated 4 years ago
- Reverse engineers GQL Schema and generates template payloads☆46Apr 5, 2019Updated 6 years ago
- ☆65Dec 9, 2020Updated 5 years ago
- A proof-of-concept tool for detection and exploitation Object Injection Vulnerabilities in .NET applications☆63Jan 29, 2021Updated 5 years ago
- CVE-2020-5410 Spring Cloud Config directory traversal vulnerability☆31Jun 16, 2020Updated 5 years ago
- SubdomainDB is a simple self-hosted API that allows you to maintain your own subdomain database.☆31Jan 8, 2018Updated 8 years ago
- tetctf2020_amf_writeups☆23Jan 3, 2021Updated 5 years ago
- Exfiltrate blind Remote Code Execution and SQL injection output over DNS via Burp Collaborator.☆277Jan 28, 2025Updated last year
- Client Side Prototype Pollution Scanner☆523Sep 17, 2022Updated 3 years ago
- JRE8u20_RCE_Gadget☆255Jul 1, 2016Updated 9 years ago
- SpringBoot_Actuator_RCE☆95May 26, 2020Updated 5 years ago
- POC for CVE-2018-1273☆24Jun 5, 2018Updated 7 years ago