Apache/Alibaba Dubbo <= 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Data; Affects Versions <= 2.7.6 With Different Gadgets
Covered in-depth in the article "The 0xDABB of Doom", published on the Checkmarx blog https://www.checkmarx.com/blog/technical-blog/the-0xdabb-of-doom-cve-2021-25641/
spring-cloud-function SpEL RCE Vultarget You can build it for youself. here is the source of the Vuln App Or you can use the release which built by cc
Apache Log4j 2 Apache log4j2 开源日志组件远程代码执行 攻击者通过构造恶意请求,触发服务器log4j 2 日志组件的远程代码执行漏洞。漏洞无需特殊配置,经验证,最新版的补丁可以防护此问题 官方最新补丁: log4j-2.15.0-rc2 紧急处置方案 2.10 or 以上
Multiple Open-API groups: Spring boot POC showing how to divide endpoint(s) among different Open-API screens Demo Link (Select definition from top rig
README This repo contains several ysoserial gadgets, transformed into the XStream serialization format. Original repo: https://github.com/frohoff/ysos
HubCore HubCore is an in-Development Lobby Plugin for Nukkit and PowerNukkit supporting API Versions through 1.0.9 to 1.0.13 It is highly configurable
JndiLookup Some tool to help analyzing Apache Log4j 2 CVE-2021-44228 This tool uses the "lookup" feature from log4j-2 to test against the JNDI vulnera
Log4j CVE-2021-44228 and CVE-2021-45046 Requisites Use a vulnerable JDK, for instance JDK 1.8.0_181 Usage Malicious server The malicious server deploy
欢迎大家留言和PR~ Tip: 技术更新换代太快,本仓库仅做参考,自己的项目具体使用哪个版本还需谨慎思考~(不推荐使用最新的版本,推荐使用(最新-1|2)的版本,会比较稳定) spring-boot-quick 前言 自己很早就想搞一个总的仓库就是将自己平时遇到的和学习到的东西整合在一起,方便后
Codec-dubbo Codec-dubbo is a binary codec framework for dubbo protocol Features Fully compatible with Dubbo protocol Completely rewritten based on Net
CVE-2021-31805 PoC for CVE-2021-31805 (Apache Struts2) CVE-2021-31805の解説記事で使用したアプリケーションです。 セットアップ $ docker-compose build $ docker-compose up -d 動作確認
CVE-2021-44228-Demo 利用 CVE-2021-44228,通过 RMI 和 LDAP 两种方式远程注入代码的示例。 Exploit class from RMI Server loaded Hello, ${jndi:rmi://127.0.0.1:1099/exploit} Ex
Build ./build.sh Start log4j RCE Server ./start-log4j-rce-server.sh Test Run java -cp log4j-rce-1.0-SNAPSHOT-all.jar log4j Check if you get logs in ha
[toc] 友情提示:近期在升级和优化该项目,建议先 Star 本项目。主要在做几个事情: 1、微服务技术选型以 Spring Cloud Alibaba 为中心。 2、修改项目分层,并合并部分服务,简化整体服务的复杂性。 3、将管理后台从 React 重构到 Vue 框架。 交流群:传送门 前言
友情提示:因为提供了 50000+ 行示例代码,所以艿艿默认注释了所有 Maven Module。 胖友可以根据自己的需要,修改 pom.xml 即可。 一个涵盖六个主流技术栈的正经仓库: 《Spring Boot 专栏》 《Spring Cloud Alibaba 专栏》 《Spring Clou
CVE-2021-44228 in Minecraft Java 16 Paper server build #397 Minecraft 1.17.1 Exploitation In Java 16 only deserialization attacks work by default usin
Spring Cloud Alibaba A project maintained by Alibaba. See the 中文文档 for Chinese readme. Spring Cloud Alibaba provides a one-stop solution for distribut
-- This repository has been archived -- Further development of this tool will continue at corretto/hotpatch-for-apache-log4j2. Thanks for sharing, com
Log4J-RCE-Proof-Of-Concept (CVE-2021-44228) This is a proof of concept of the log4j rce. Here are some links for the CVE-2021-44228: https://www.lunas
Log4jHotPatch This is a tool which injects a Java agent into a running JVM process. The agent will attempt to patch the lookup() method of all loaded
4 May 21, 2022
2 Dec 14, 2021
3 Feb 1, 2022
7k Jan 6, 2023
5 Feb 15, 2022
24.4k Jan 1, 2023
108 Dec 23, 2021
181 Dec 2, 2022
493 Dec 13, 2022