Several XStream gadgets ported from ysoserial

Related tags

Spring Boot XStream-Gadgets
Overview

README

This repo contains several ysoserial gadgets, transformed into the XStream serialization format.

Original repo: https://github.com/frohoff/ysoserial

Some gadgets are uploaded in form of .xml, which has to be manually edited for the desired effect. Several gadgets need to be generated using the provided Java class.

Ported gadgets

Gadget                  Author                                  Format
------                  ------                                  ------
URLDNS                  @gebl                                   XML
JRMPClient              @mbechler                               XML
AspectJWeaver           @Jang                                   XML
CommonsBeanutils1       @frohoff                                Java
CommonsCollections2     @frohoff                                Java
CommonsCollections4     @frohoff                                Java
CommonsCollections6     @matthias_kaiser                        XML
CommonsCollections7     @scristalli, @hanyrax, @EdoardoVignati  XML
C3P0                    @mbechler                               XML

Dependencies

In order to run Java classes, you need:

  • xstream-1.4.17.jar (or any other version)
  • kxml2-2.3.0.jar
  • ysoserial.jar (see repo provided in the beginning of this README)
You might also like...

Several implementations of a text table, originally using ASCII and UTF-8 characters for borders.

ASCII Table ASCII table - A simple tool to format tables with various row/column options for indentation, indentation character, alignment, padding (l

Dec 26, 2022

BurritoSpigot is a fork of TacoSpigot 1.8.9 that offers several enhancements to performance as well as bug fixes. while offer extra APIs and support for plugins

🌯 BurritoSpigot 🌯 BurritoSpigot is a fork of TacoSpigot 1.8.8 that offers several enhancements to performance as well as bug fixes. while offer extr

Dec 20, 2022

DM Movie is an app with several movies catalogued through a database, you enter your email and your rating of the movie

DM Movie is an app with several movies catalogued through a database, you enter your email and your rating of the movie

DM Movie is an app with several movies catalogued through a database, you enter your email and your rating of the movie

Jan 28, 2022

This repository contains all the Data Structures and Algorithms concepts and their implementation in several ways

This repository contains all the Data Structures and Algorithms concepts and their implementation in several ways

An Open-Source repository that contains all the Data Structures and Algorithms concepts and their implementation in several ways, programming questions and Interview questions. The main aim of this repository is to help students who are learning Data Structures and Algorithms or preparing for an interview.

Dec 31, 2022

A mod that adds a /btellraw command which provides several enhancement over vanilla's tellraw.

Better Tellraw A mod that adds a /btellraw command which provides several enhancement over vanilla's tellraw. This mod only affects the server-side en

Jun 8, 2022

CodeGen - a secure, high efficiency, and offline-able software, it provides several useful functions

CodeGen - a secure, high efficiency, and offline-able software, it provides several useful functions

CodeGen Efficiency ToolBox Introduce Download References Issues and Suggestions Software Preview Introduce CodeGen is a secure, high efficiency, and o

Jan 4, 2023

Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J instances that are hidden several layers deep. Works on Linux, Windows, and Mac, and everywhere else Java runs, too!

Log4-detector Scanner that detects vulnerable Log4J versions to help teams assess their exposure to CVE-2021-44228 (CRITICAL), CVE-2021-45046, CVE-202

Dec 26, 2022

A simple-to-use storage ORM supporting several databases for Java.

Storage Handler This is a library based off of my old storage handler within my queue revamp. It's for easy storage handling for multiple platforms. N

Jun 22, 2022
Owner
chudyPB
chudyPB
GitHub
Apache/Alibaba Dubbo <= 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Data; Affects Versions <= 2.7.6 With Different Gadgets

The 0xDABB of Doom - CVE-2021-25641-Proof-of-Concept Apache/Alibaba Dubbo <= 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Da

Dor Tumarkin 51 Apr 24, 2022
BurritoSpigot is a fork of TacoSpigot 1.8.9 that offers several enhancements to performance as well as bug fixes. while offer extra APIs and support for plugins

?? BurritoSpigot ?? BurritoSpigot is a fork of TacoSpigot 1.8.8 that offers several enhancements to performance as well as bug fixes. while offer extr

Cobble Sword Services 44 Dec 20, 2022
DM Movie is an app with several movies catalogued through a database, you enter your email and your rating of the movie

DM Movie is an app with several movies catalogued through a database, you enter your email and your rating of the movie

Davi M. G. de Almeida 5 Jan 28, 2022
A mod that adds a /btellraw command which provides several enhancement over vanilla's tellraw.

Better Tellraw A mod that adds a /btellraw command which provides several enhancement over vanilla's tellraw. This mod only affects the server-side en

LX862 3 Jun 8, 2022
CodeGen - a secure, high efficiency, and offline-able software, it provides several useful functions

CodeGen Efficiency ToolBox Introduce Download References Issues and Suggestions Software Preview Introduce CodeGen is a secure, high efficiency, and o

null 454 Jan 4, 2023
HubCore - Lobby Plugin for Nukkit with Server Selector, Gadgets, and Friends , Parties!

HubCore HubCore is an in-Development Lobby Plugin for Nukkit and PowerNukkit supporting API Versions through 1.0.9 to 1.0.13 It is highly configurable

OP Heroes Development Team 1 Jan 4, 2022
Apache/Alibaba Dubbo <= 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Data; Affects Versions <= 2.7.6 With Different Gadgets

The 0xDABB of Doom - CVE-2021-25641-Proof-of-Concept Apache/Alibaba Dubbo <= 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Da

Dor Tumarkin 51 Apr 24, 2022
Amazing Ruby's "Enumerable" ported to Java

Overview How to use? .all .any .none .select .map .count .reject .find How to contribute? Contributors Overview enumerable4j is a Ruby's well known En

Yurii Dubinka 30 Oct 28, 2022
3arthqu4ke's Phobos 1.12.2 Anarchy Client ported to 1.16 fabric

Phobos for 1.16 Phobos for 1.16 - Ported Phobos for fabric 1.16. ReadMe thanks to Goztb22 3arth(Original Creator) - https://github.com/3arthqu4ke 1.12

null 35 Dec 23, 2022
CaffeineMC(and Iris) Mods Ported from Fabric to Forge

CaffeineMC Reforged This is an Unofficial port of the core CaffeineMC Mods, alongside Iris. This is in no way related to the original mod teams, Code

Someone Else 45 Nov 19, 2022