welk1n/FastjsonPocs external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

welk1n/FastjsonPocs

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/welk1n/FastjsonPocs)

Close

welk1n / FastjsonPocsView on GitHubMore

• External links
• Readme badge

一些结合第三方组件的Fastjson POC，在1.2.48以后版本中陆续被添加至黑名单。

☆56Oct 29, 2019Updated 6 years ago

Alternatives and similar repositories for FastjsonPocs

Users that are interested in FastjsonPocs are comparing it to the libraries listed below

• r00t4dm / aLIEz

  View on GitHub
  ☆198Sep 26, 2024Updated last year
• keven1z / weblogic_memshell

  View on GitHub
  适用于weblogic和Tomcat的无文件的内存马(memshell)
  ☆269Mar 4, 2022Updated 4 years ago
• iSafeBlue / fastjson-autotype-bypass-demo

  View on GitHub
  fastjson 1.2.68 版本 autotype bypass
  ☆142Jun 17, 2022Updated 3 years ago
• haby0 / sec-note

  View on GitHub
  记录各语言、框架中危险的sink，个人代码审计、漏洞研究使用。
  ☆117Dec 30, 2021Updated 4 years ago
• Y4er / WebLogic-Shiro-shell

  View on GitHub
  WebLogic利用CVE-2020-2883打Shiro rememberMe反序列化漏洞，一键注册蚁剑filter内存shell
  ☆535Aug 25, 2020Updated 5 years ago
• depycode / fastjson-c3p0

  View on GitHub
  fastjson不出网利用、c3p0
  ☆256Jul 30, 2021Updated 4 years ago
• z1Ro0 / tomcat_nofile_webshell

  View on GitHub
  Tomcat基于动态注册Filter的无文件Webshell
  ☆26Jun 20, 2020Updated 5 years ago
• Fushuling / fastjson_mysql

  View on GitHub
  Fastjson + MySQL 条件下不出网利用测试环境
  ☆49Dec 6, 2025Updated 2 months ago
• timwhitez / Ortau

  View on GitHub
  一个用于隐藏C2的、开箱即用的反向代理服务器。旨在省去繁琐的配置Nginx服务的过程。
  ☆13Feb 14, 2022Updated 4 years ago
• p1n93r / SpringBootAdmin-thymeleaf-SSTI

  View on GitHub
  SpringBootAdmin-thymeleaf-SSTI which can cause RCE
  ☆86Jul 18, 2023Updated 2 years ago
• su18 / JDBC-Attack

  View on GitHub
  JDBC Connection URL Attack
  ☆440Sep 10, 2021Updated 4 years ago
• jweny / shiro-cve-2020-17523

  View on GitHub
  shiro-cve-2020-17523 漏洞的两种绕过姿势分析 以及配套的漏洞环境
  ☆119Feb 7, 2021Updated 5 years ago
• hosch3n / FastjsonVulns

  View on GitHub
  [fastjson 1.2.80] CVE-2022-25845 aspectj fileread & groovy remote classload
  ☆91Sep 2, 2022Updated 3 years ago
• feihong-cs / jre8u20_gadget

  View on GitHub
  jre8u20 gadget
  ☆34May 23, 2021Updated 4 years ago
• b0bac / GetMail

  View on GitHub
  利用NTLM Hash读取Exchange邮件
  ☆441Jan 7, 2025Updated last year
• kezibei / fastjson_payload

  View on GitHub
  ☆239Feb 24, 2026Updated last week
• Sakurasan / scf-proxy

  View on GitHub
  云函数代理服务
  ☆420Jun 6, 2025Updated 8 months ago
• Litch1-v / behinder-clone

  View on GitHub
  魔改的冰蝎，仅供测试连接内存webshell使用
  ☆38Aug 26, 2020Updated 5 years ago
• Hzllaga / JsLoader

  View on GitHub
  js免杀shellcode，绕过杀毒添加自启
  ☆354Mar 16, 2021Updated 4 years ago
• QAX-A-Team / WeblogicEnvironment

  View on GitHub
  Weblogic环境搭建工具
  ☆796Apr 23, 2020Updated 5 years ago
• west9b / Weaver-Eoffice-getshell

  View on GitHub
  泛微 eoffice10 前台 getshell
  ☆59Aug 22, 2022Updated 3 years ago
• mishmashclone / GrrrDog-Java-Deserialization-Cheat-Sheet

  View on GitHub
  https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
  ☆54Sep 11, 2021Updated 4 years ago
• jas502n / Security_Article

  View on GitHub
  scrapy website Article and link ...
  ☆15Dec 13, 2020Updated 5 years ago
• 404tk / credcollect

  View on GitHub
  Automatic credential collection
  ☆21Aug 17, 2022Updated 3 years ago
• Wrin9 / weaverOA_sql_RCE

  View on GitHub
  泛微OA_V9全版本的SQL远程代码执行漏洞
  ☆157Apr 20, 2022Updated 3 years ago
• pmiaowu / log4j2Scan

  View on GitHub
  用于帮助企业内部快速扫描log4j2的jndi漏洞的burp插件
  ☆213Apr 18, 2023Updated 2 years ago
• f0ng / JavaFileDict

  View on GitHub
  Java应用的一些配置文件字典，来源于公开的字典与平时收集
  ☆321Feb 1, 2024Updated 2 years ago
• novysodope / RMI_Inj_MemShell

  View on GitHub
  rmi打内存马工具，适用于目标用不了ldap的情况
  ☆254Jul 12, 2023Updated 2 years ago
• dr0op / shiro-550-with-NoCC

  View on GitHub
  Shiro-550 不依赖CC链利用工具
  ☆451Jun 19, 2024Updated last year
• jas502n / Shiro_Xray

  View on GitHub
  CommonsBeanutils1,CommonsCollectionsK1
  ☆58Nov 16, 2020Updated 5 years ago
• su18 / hack-fastjson-1.2.80

  View on GitHub
  ☆524Sep 16, 2022Updated 3 years ago
• Airboi / Citrix-ADC-RCE-CVE-2020-8193

  View on GitHub
  Citrix ADC从权限绕过到RCE
  ☆45Jul 12, 2020Updated 5 years ago
• depycode / fastjson-local-echo

  View on GitHub
  基于dbcp的fastjson rce 回显
  ☆197Jun 28, 2021Updated 4 years ago
• potats0 / javaSerializationTools

  View on GitHub
  ☆143Jan 21, 2021Updated 5 years ago
• whwlsfb / cve-2022-22947-godzilla-memshell

  View on GitHub
  CVE-2022-22947 注入Godzilla内存马
  ☆210Apr 26, 2022Updated 3 years ago
• LandGrey / spring-boot-upload-file-lead-to-rce-tricks

  View on GitHub
  spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
  ☆754Apr 14, 2021Updated 4 years ago
• mi1k7ea / M7-05

  View on GitHub
  个人使用的一款脚本提权扫描器
  ☆19Sep 6, 2020Updated 5 years ago
• Drac0nids / SeeyonExploit

  View on GitHub
  基于go语言的致远OA漏洞检测工具
  ☆39Oct 28, 2022Updated 3 years ago
• kxcode / JNDI-Exploit-Bypass-Demo

  View on GitHub
  Demo code for post <Restrictions of JNDI Manipulation RCE & Bypass>
  ☆267Jun 17, 2022Updated 3 years ago