Fake MySQL Server for Exploit Vulnerability of MySQL JDBC Driver
Updated Jun 9, 2023 - Java
This project contains a Java deserialization vulnerability that is exploitable with some ysoserial payloads, but also contains a custom class that can be leveraged to get command execution upon deserialization.
This report serves as a primer to the vulnerability of the Python pickle module and the dangers of insecure deserialization.
This tool is responsible for performing Java deserialization attacks on server endpoints
maptool unauthenticated rce exploit <1.8.0 beta2b
PoC for CVE-2020-28032 (It's just a POP chain in WordPress < 5.5.2 for exploiting PHP Object Injection)
Python Deserialization Payload Generator
Ruby Deserialization Payload Generator
A JBoss Byteman rule to debug and trace the JDK deserialization filtering
AiCSA, Move to https://github.com/hktalent/AiCSA
Vulnerable webapp testbed
GPT AiCSA (Code security audit), SAST (Static Application Security Testing), JAR security analysis, static vulnerability and vulnerability analysis of various programming language codes
Peas creates serialized payloads for deserialization RCE attacks on Python-driven applications where the pickle, PyYAML, ruamel.yaml or jsonpickle module is used for deserialization of serialized data. I will update it with more attack vectors to target other modules.
Everything I needed to understand what was going on with "Spring4Shell" - translated source materials, exploit, links to demo apps, and more.
Java vulnerability study notes: Deserialization Vulnerability
Fastjson scanner that can identify the version, dependency libraries, autoType status, and more. A tool to distinguish fastjson, version and dependency