maptool unauthenticated rce exploit <1.8.0 beta2b
-
Updated
Feb 10, 2021 - Python
maptool unauthenticated rce exploit <1.8.0 beta2b
Fake MySQL Server for Exploit Vulnerability of MySQL JDBC Driver
This project contains a Java deserialization vulnerability that is exploitable with some ysoserial payloads, but also contains a custom class that can be leveraged to get command execution upon deserialization.
This report serves as a primer to the vulnerability of the Python pickle module and the dangers of insecure deserialization.
This tool is responsible to perform java deserialization attacks on server end points
Insecure deserialization library
Python Deserialization Payload Generator
PoC for CVE-2020-28032 (It's just a POP chain in WordPress < 5.5.2 for exploiting PHP Object Injection)
Java反序列化/JNDI注入利用工具,支持多种高版本bypass,支持回显/内存马等多种扩展利用。
AiCSA,Move to https://github.com/hktalent/AiCSA
Ruby Deserialization Payload Generator
A JBoss Byteman rule to debug the trace the JDK deserialization filtering
GPT AiCSA(Code security audit),SAST(Static Application Security Testing,静态应用程序安全测试),JAR security analysis, static vulnerability and vulnerability analysis of various programming language codes
Vulnerable webapp testbed
Peas create serialized payload for deserialization RCE attack on python driven applications where pickle ,pyYAML, ruamel.yaml or jsonpickle module is used for deserialization of serialized data. I will update it with more attack vectors to targets other modules.
Everything I needed to understand what was going on with "Spring4Shell" - translated source materials, exploit, links to demo apps, and more.
Fastjson扫描器,可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency
Add a description, image, and links to the deserialization-vulnerability topic page so that developers can more easily learn about it.
To associate your repository with the deserialization-vulnerability topic, visit your repo's landing page and select "manage topics."