Vulnerable webapp testbed
-
Updated
May 11, 2016 - Java
Vulnerable webapp testbed
Ruby Deserialization Payload Generator
Python Deserialization Payload Generator
maptool unauthenticated rce exploit <1.8.0 beta2b
PoC for CVE-2020-28032 (It's just a POP chain in WordPress < 5.5.2 for exploiting PHP Object Injection)
Everything I needed to understand what was going on with "Spring4Shell" - translated source materials, exploit, links to demo apps, and more.
This project contains a Java deserialization vulnerability that is exploitable with some ysoserial payloads, but also contains a custom class that can be leveraged to get command execution upon deserialization.
Fastjson扫描器,可识别版本、依赖库、autoType状态等。A tool to distinguish fastjson ,version and dependency
AiCSA,Move to https://github.com/hktalent/AiCSA
Fake MySQL Server for Exploit Vulnerability of MySQL JDBC Driver
Java漏洞学习笔记 Deserialization Vulnerability
This tool is responsible to perform java deserialization attacks on server end points
This report serves as a primer to the vulnerability of the Python pickle module and the dangers of insecure deserialization.
Peas create serialized payload for deserialization RCE attack on python driven applications where pickle ,pyYAML, ruamel.yaml or jsonpickle module is used for deserialization of serialized data. I will update it with more attack vectors to targets other modules.
GPT AiCSA(Code security audit),SAST(Static Application Security Testing,静态应用程序安全测试),JAR security analysis, static vulnerability and vulnerability analysis of various programming language codes
A JBoss Byteman rule to debug the trace the JDK deserialization filtering
Add a description, image, and links to the deserialization-vulnerability topic page so that developers can more easily learn about it.
To associate your repository with the deserialization-vulnerability topic, visit your repo's landing page and select "manage topics."