Skip to content
Branch: master
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
README.md
jenkins_cli_rmi_rce.py
jenkins_groovy_xml_rce.py

README.md

Jenkins CLI RMI Java Deserialization RCE (CVE-2015-8103)

Exploit for the Jenkins CLI RMI Java Deserialization RCE (CVE-2015-8103)

The python script uses ysoserial to dynamically generate the payload. Therefore java is required as well.

Jenkins Groovy XML RCE (CVE-2016-0792)

Exploit for Jenkins Groovy XML RCE (CVE-2016-0792)

Note: Although this is listed as a pre-auth RCE, during my testing it only worked if authentication was disabled in Jenkins

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.