xcanwin/CVE-2023-4357-Chrome-XXE

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/xcanwin/CVE-2023-4357-Chrome-XXE)

xcanwin / CVE-2023-4357-Chrome-XXE

[漏洞复现] 全球首款单文件利用 CVE-2023-4357 Chrome XXE 漏洞 EXP, 实现对访客者本地文件窃取. Chrome XXE vulnerability EXP, allowing attackers to obtain local files of visitors.

☆228

Alternatives and similar repositories for CVE-2023-4357-Chrome-XXE

Users that are interested in CVE-2023-4357-Chrome-XXE are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

Sorting:

Hutt0n0 / ActiveMqRCE
View on GitHub
用java实现构造openwire协议，利用activeMQ < 5.18.3 RCE 回显利用内存马注入
☆290Nov 20, 2023Updated 2 years ago
tarihub / blackjump
View on GitHub
JumpServer 堡垒机未授权综合漏洞利用, Exploit for CVE-2023-42442 / CVE-2023-42820 / RCE 2021
☆275Jun 6, 2025Updated last year
0x00007c00 / JundeadShell
View on GitHub
Java内存马注入工具
☆251Apr 8, 2023Updated 3 years ago
TonyNPham / GodzillaPlugin-Suo5-MemProxy
View on GitHub
一款高性能 HTTP 内存代理 | 哥斯拉插件 | readteam | 红队 | 内存马 | Suo5 | Godzilla | 正向代理
☆293Aug 8, 2023Updated 2 years ago
Lotus6 / ConfluenceMemshell
View on GitHub
Confluence CVE 2021，2022，2023 利用工具，支持命令执行，哥斯拉，冰蝎内存马注入
☆558Feb 1, 2024Updated 2 years ago
Deploy to Railway using AI coding agents - Free Credits Offer • Ad
Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
fnmsd / MySQL_Fake_Server
View on GitHub
MySQL Fake Server use to help MySQL Client File Reading and JDBC Client Java Deserialize
☆1,370Nov 18, 2021Updated 4 years ago
pen4uin / java-echo-generator
View on GitHub
一款支持自定义的 Java 回显载荷生成工具｜A customizable Java echo payload generation tool.
☆464Jan 12, 2025Updated last year
libaibaia / cloudSec
View on GitHub
云安全利用工具-云平台AK/SK-WEB利用工具，添加AK/SK自动检测资源，无需手动执行，支持云服务器、存储桶、数据库操作
☆595Dec 19, 2024Updated last year
luelueking / RuoYi-v4.7.8-RCE-POC
View on GitHub
☆254Feb 25, 2024Updated 2 years ago
howmp / iisproxy
View on GitHub
通过websocket在IIS8(Windows Server 2012)以上实现socks5代理
☆111Jan 26, 2024Updated 2 years ago
veo / vagent
View on GitHub
多功能 java agent 内存马
☆528Oct 8, 2023Updated 2 years ago
Soufaker / docker_v2_catalog
View on GitHub
Registry API 未授权访问漏洞利用
☆29May 17, 2023Updated 3 years ago
achuna33 / Memoryshell-JavaALL
View on GitHub
收集内存马打入方式
☆508May 20, 2022Updated 4 years ago
Neo-Maoku / SearchAvailableExe
View on GitHub
寻找可利用的白文件
☆560Aug 18, 2025Updated 9 months ago
Deploy to Railway using AI coding agents - Free Credits Offer • Ad
Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
kyo-w / router-router
View on GitHub
Java web路由内存分析工具
☆439May 22, 2025Updated last year
veo / wsMemShell
View on GitHub
WebSocket 内存马/Webshell，一种新型内存马/WebShell技术
☆1,492Apr 10, 2023Updated 3 years ago
Whoopsunix / JavaRce
View on GitHub
Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式
☆550Mar 6, 2025Updated last year
Esonhugh / yapi-rce-webshell
View on GitHub
Yapi mock script RCE another version. Webshell way. 另一种 Webshell 方式的 Yapi 命令执行的方法相比于其他的利用方式更加微操和可控影响更小
☆66Jul 4, 2024Updated last year
c0olw / NacosRce
View on GitHub
Nacos JRaft Hessian 反序列化 RCE 加载字节码注入内存马不出网利用
☆851Jul 7, 2023Updated 2 years ago
YYHYlh / Dubbo-Scan
View on GitHub
一款让你不只在dubbo-sample、vulhub或者其他测试环境里检测和利用成功的Apache Dubbo 漏洞检测工具。
☆172Aug 9, 2023Updated 2 years ago
0xf4n9x / CDGXStreamDeserRCE
View on GitHub
亿赛通电子文档安全管理系统XStream反序列化漏洞任意文件上传利用
☆120Aug 9, 2024Updated last year
luelueking / Deserial_Sink_With_JDBC
View on GitHub
Some ReadObject Sink With JDBC
☆245May 8, 2024Updated 2 years ago
corener / JavaPassDump
View on GitHub
JavaPassDump
☆275Jan 7, 2022Updated 4 years ago
GPU virtual machines on DigitalOcean Gradient AI • Ad
Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
sv3nbeast / DnslogCmdEcho
View on GitHub
命令执行不回显但DNS协议出网的命令回显场景解决方案
☆277Jan 10, 2023Updated 3 years ago
Bl0omZ / JNDIEXP
View on GitHub
JNDI在java高版本的利用工具,FUZZ利用链
☆601Oct 8, 2022Updated 3 years ago
rebeyond / JNDInjector
View on GitHub
一个高度可定制化的JNDI和Java反序列化利用工具
☆473Jan 17, 2023Updated 3 years ago
safe6Sec / PentestDB
View on GitHub
各种数据库的利用姿势
☆1,034Jan 3, 2025Updated last year
phith0n / vueinfo
View on GitHub
Extract website information from Vue
☆285Aug 29, 2023Updated 2 years ago
xiecat / goblin
View on GitHub
一款适用于红蓝对抗中的仿真钓鱼系统
☆1,538May 30, 2023Updated 3 years ago
teamssix / twiki
View on GitHub
T Wiki 云安全知识文库，可能是国内首个云安全知识文库？
☆1,049Dec 21, 2024Updated last year
pykiller / API-T00L
View on GitHub
互联网厂商API利用工具。
☆572Sep 13, 2024Updated last year
Symph0nia / ExpFuzzWordlist
View on GitHub
ExpFuzz字典
☆20May 27, 2024Updated 2 years ago
Managed Database hosting by DigitalOcean • Ad
PostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
BeichenDream / CVE-2022-26134-Godzilla-MEMSHELL
View on GitHub
☆341Jun 7, 2022Updated 4 years ago
BeichenDream / InjectJDBC
View on GitHub
注入JVM进程动态获取目标进程连接的数据库
☆344Mar 6, 2022Updated 4 years ago
burpheart / CVE-2022-39197-patch
View on GitHub
CVE-2022-39197 漏洞补丁. CVE-2022-39197 Vulnerability Patch.
☆318Sep 26, 2022Updated 3 years ago
pen4uin / java-memshell-generator
View on GitHub
一款支持自定义的 Java 内存马生成工具｜A customizable Java in-memory webshell generation tool.
☆2,198Aug 21, 2025Updated 9 months ago
veo / ebpf_shell
View on GitHub
ebpf WebShell/内核马，一种新型内核马/WebShell技术
☆353Jan 8, 2024Updated 2 years ago
A0WaQ4 / HexDnsEchoT
View on GitHub
命令执行不回显但DNS协议出网的命令回显场景解决方案（修改为使用ceye接收请求，添加自定义DNS服务器）
☆292Aug 20, 2023Updated 2 years ago
AbelChe / evil_minio
View on GitHub
EXP for CVE-2023-28434 MinIO unauthorized to RCE
☆319Apr 4, 2023Updated 3 years ago