welk1n/FastjsonPocs external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

welk1n/FastjsonPocs

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/welk1n/FastjsonPocs)

Close

welk1n / FastjsonPocsView on GitHubMore

• External links
• Readme badge

一些结合第三方组件的Fastjson POC，在1.2.48以后版本中陆续被添加至黑名单。

☆56Oct 29, 2019Updated 6 years ago

Alternatives and similar repositories for FastjsonPocs

Users that are interested in FastjsonPocs are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• r00t4dm / aLIEz

  View on GitHub
  ☆197Sep 26, 2024Updated last year
• haby0 / sec-note

  View on GitHub
  记录各语言、框架中危险的sink，个人代码审计、漏洞研究使用。
  ☆117Dec 30, 2021Updated 4 years ago
• iSafeBlue / fastjson-autotype-bypass-demo

  View on GitHub
  fastjson 1.2.68 版本 autotype bypass
  ☆142Jun 17, 2022Updated 3 years ago
• z1Ro0 / tomcat_nofile_webshell

  View on GitHub
  Tomcat基于动态注册Filter的无文件Webshell
  ☆26Jun 20, 2020Updated 5 years ago
• hosch3n / FastjsonVulns

  View on GitHub
  [fastjson 1.2.80] CVE-2022-25845 aspectj fileread & groovy remote classload
  ☆91Sep 2, 2022Updated 3 years ago
• jas502n / Security_Article

  View on GitHub
  scrapy website Article and link ...
  ☆15Dec 13, 2020Updated 5 years ago
• p1n93r / SpringBootAdmin-thymeleaf-SSTI

  View on GitHub
  SpringBootAdmin-thymeleaf-SSTI which can cause RCE
  ☆86Jul 18, 2023Updated 2 years ago
• keven1z / weblogic_memshell

  View on GitHub
  适用于weblogic和Tomcat的无文件的内存马(memshell)
  ☆270Mar 4, 2022Updated 4 years ago
• depycode / fastjson-c3p0

  View on GitHub
  fastjson不出网利用、c3p0
  ☆256Jul 30, 2021Updated 4 years ago
• Y4er / WebLogic-Shiro-shell

  View on GitHub
  WebLogic利用CVE-2020-2883打Shiro rememberMe反序列化漏洞，一键注册蚁剑filter内存shell
  ☆535Aug 25, 2020Updated 5 years ago
• su18 / JDBC-Attack

  View on GitHub
  JDBC Connection URL Attack
  ☆441Sep 10, 2021Updated 4 years ago
• feihong-cs / jre8u20_gadget

  View on GitHub
  jre8u20 gadget
  ☆34May 23, 2021Updated 4 years ago
• kezibei / fastjson_payload

  View on GitHub
  ☆242Feb 28, 2026Updated 3 weeks ago
• Fushuling / fastjson_mysql

  View on GitHub
  Fastjson + MySQL 条件下不出网利用测试环境
  ☆49Dec 6, 2025Updated 3 months ago
• b0bac / GetMail

  View on GitHub
  利用NTLM Hash读取Exchange邮件
  ☆441Jan 7, 2025Updated last year
• jweny / shiro-cve-2020-17523

  View on GitHub
  shiro-cve-2020-17523 漏洞的两种绕过姿势分析 以及配套的漏洞环境
  ☆119Feb 7, 2021Updated 5 years ago
• Hzllaga / JsLoader

  View on GitHub
  js免杀shellcode，绕过杀毒添加自启
  ☆354Mar 16, 2021Updated 5 years ago
• QAX-A-Team / WeblogicEnvironment

  View on GitHub
  Weblogic环境搭建工具
  ☆796Apr 23, 2020Updated 5 years ago
• Sakurasan / scf-proxy

  View on GitHub
  云函数代理服务
  ☆419Jun 6, 2025Updated 9 months ago
• mishmashclone / GrrrDog-Java-Deserialization-Cheat-Sheet

  View on GitHub
  https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
  ☆54Sep 11, 2021Updated 4 years ago
• jas502n / Shiro_Xray

  View on GitHub
  CommonsBeanutils1,CommonsCollectionsK1
  ☆58Nov 16, 2020Updated 5 years ago
• Wrin9 / weaverOA_sql_RCE

  View on GitHub
  泛微OA_V9全版本的SQL远程代码执行漏洞
  ☆157Apr 20, 2022Updated 3 years ago
• dr0op / shiro-550-with-NoCC

  View on GitHub
  Shiro-550 不依赖CC链利用工具
  ☆450Jun 19, 2024Updated last year
• pmiaowu / log4j2Scan

  View on GitHub
  用于帮助企业内部快速扫描log4j2的jndi漏洞的burp插件
  ☆212Apr 18, 2023Updated 2 years ago
• Drac0nids / SeeyonExploit

  View on GitHub
  基于go语言的致远OA漏洞检测工具
  ☆39Oct 28, 2022Updated 3 years ago
• su18 / hack-fastjson-1.2.80

  View on GitHub
  ☆525Sep 16, 2022Updated 3 years ago
• LandGrey / spring-boot-upload-file-lead-to-rce-tricks

  View on GitHub
  spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
  ☆753Apr 14, 2021Updated 4 years ago
• Airboi / Citrix-ADC-RCE-CVE-2020-8193

  View on GitHub
  Citrix ADC从权限绕过到RCE
  ☆45Jul 12, 2020Updated 5 years ago
• depycode / fastjson-local-echo

  View on GitHub
  基于dbcp的fastjson rce 回显
  ☆197Jun 28, 2021Updated 4 years ago
• feihong-cs / Java-Rce-Echo

  View on GitHub
  Java RCE 回显测试代码
  ☆1,015Oct 15, 2020Updated 5 years ago
• LandGrey / ClassHound

  View on GitHub
  利用任意文件下载漏洞循环下载反编译 Class 文件获得网站 Java 源代码
  ☆712May 10, 2021Updated 4 years ago
• west9b / CVE-2022-30525

  View on GitHub
  CVE-2022-30525 Zyxel 防火墙命令注入漏洞 POC&EXPC
  ☆12May 28, 2022Updated 3 years ago
• f0ng / JavaFileDict

  View on GitHub
  Java应用的一些配置文件字典，来源于公开的字典与平时收集
  ☆320Feb 1, 2024Updated 2 years ago
• LeadroyaL / fastjson-blacklist

  View on GitHub
  ☆835Jun 7, 2022Updated 3 years ago
• timwhitez / Ortau

  View on GitHub
  一个用于隐藏C2的、开箱即用的反向代理服务器。旨在省去繁琐的配置Nginx服务的过程。
  ☆13Feb 14, 2022Updated 4 years ago
• novysodope / RMI_Inj_MemShell

  View on GitHub
  rmi打内存马工具，适用于目标用不了ldap的情况
  ☆253Jul 12, 2023Updated 2 years ago
• potats0 / javaSerializationTools

  View on GitHub
  ☆143Jan 21, 2021Updated 5 years ago
• rebeyond / JNDInjector

  View on GitHub
  一个高度可定制化的JNDI和Java反序列化利用工具
  ☆472Jan 17, 2023Updated 3 years ago
• Y4er / javaagent-tomcat-memshell

  View on GitHub
  使用java agent反序列化注入内存shell
  ☆69Sep 30, 2020Updated 5 years ago