wh1t3p1g / ysoserial
forked from frohoff/ysoserial and added my own payloads.
☆148Updated 4 years ago
Related projects ⓘ
Alternatives and complementary repositories for ysoserial
- Weblogic com.tangosol.util.extractor.ReflectionExtractor RCE☆176Updated last year
- attackRmi☆250Updated 4 years ago
- A simple python script to generate XML payloads works for XMLDecoder based on ProcessBuilder and Runtime exec☆149Updated 3 years ago
- weblogic t3 deserialization rce☆264Updated 7 years ago
- Weblogic IIOP CVE-2020-2551☆333Updated 4 years ago
- Spring Boot Actuator (jolokia) XXE/RCE☆317Updated 4 years ago
- A vulnerable application exposing Spring Boot Actuators☆122Updated 5 years ago
- Weblogic coherence.jar RCE☆178Updated 4 years ago
- Apache Solr RCE via Velocity template☆107Updated 4 years ago
- A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.☆100Updated 4 years ago
- Shiro RCE (Padding Oracle Attack)☆142Updated 4 years ago
- cve-2020-0688☆162Updated 4 years ago
- RMI 反序列化环境 一步步☆211Updated 4 years ago
- Burp extension intended to compact Burp extension tabs by hijacking them to own tab.☆128Updated 3 years ago
- MOGWAI LABS JMX exploitation toolkit☆197Updated last year
- 🐱💻 Poc of CVE-2019-7238 - Nexus Repository Manager 3 Remote Code Execution 🐱💻☆149Updated 5 years ago
- Apache Solr Exploits 🌟☆336Updated 4 years ago
- SpringBoot_Actuator_RCE☆96Updated 4 years ago
- fastjson-1.2.47☆65Updated 5 years ago
- ☆185Updated 6 months ago
- Confluence 未授权 RCE (CVE-2019-3396) 漏洞☆145Updated 5 years ago
- fastjson bypass autotype 1.2.68 with Throwable and AutoCloseable.☆223Updated 2 years ago
- Weblogic CVE-2020-14645 UniversalExtractor JNDI injection getDatabaseMetaData()☆79Updated 4 years ago
- CVE-2019-2725命令回显+webshell上传+最新绕过☆189Updated 5 years ago
- CVE-2020-36179~82 Jackson-databind SSRF&RCE☆81Updated 3 years ago
- A Burp plugin that collects Burp request parameters, directories, paths and file names into the database for sorting☆89Updated 3 years ago
- tomcat使用了自带session同步功能时,不安全的配置(没有使用EncryptInterceptor)导致存在的反序列化漏洞,通过精心构造的数据包, 可以对使用了tomcat自带session同步功能的服务器进行攻击。PS:这个不是CVE-2020-9484,9484…☆213Updated 4 years ago
- Weblogic CVE-2019-2725 CVE-2019-2729 Getshell 命令执行☆68Updated 5 years ago