QAQ Just study unserialize vulnerabilities in Java :)
Switch branches/tags
Nothing to show
Clone or download
Latest commit 3b4d55e Aug 22, 2018
Type Name Latest commit message Commit time
Failed to load latest commit information.
.idea Add JDK7u21 Apr 10, 2018
src/main/java [ADD] 添加ApacheShiro的PoC Jun 20, 2018
.gitignore first commit Apr 9, 2018
JavaUnserializationStudy.iml first commit Apr 9, 2018
LICENSE Initial commit Apr 8, 2018 Update Aug 22, 2018
pom.xml Add JDK7u21 Apr 10, 2018


Just for learn Java's unserialize vulnerability. More code will be pushed later.

Vulnerability analysis articles will be published on my blog :)


I plan to analyze the following security vulnerabilities.

  • Spring-tx unserialize vulnerability.
  • Apache Commons Collections unserizlize vulnerability.
  • JDK7u21 vulnerability.
  • JDK8u20 vulnerability.
  • FastJSON unserialize vulnerability.
  • Jackson unserialize vulnerability.
  • Apache Shiro unserialize vulnerability.