jackson-rce-via-spel
Exploitation demo
A proof-of-concept project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions.
121 stars
5 watching
63 forks
Language: Java
last commit: about 7 years ago

Related projects:

Repository | Description | Stars |
---|---|---|
| A proof-of-concept project demonstrating a Jackson RCE vulnerability in Ruby that allows an attacker to execute arbitrary commands on the system. | 97 |
| A project that details and demonstrates the impact of a remote code execution vulnerability in a popular Java library used for JSON data binding. | 73 |
| A proof of concept project demonstrating a remote code execution vulnerability in Apache Solr via deserialization of untrusted data | 209 |
| A repository of remote code execution exploit samples and proof-of-concepts for Windows. | 741 |
| A proof-of-concept web application demonstrating an XML External Entity vulnerability | 225 |
| An exploit demonstrating code execution vulnerabilities in macOS Sierra using Safari and WindowServer | 121 |
| A tutorial project on exploiting binary files and writing payloads to manipulate program behavior | 1,305 |
| Demonstrates an escape vulnerability in Kubernetes allowing privileged access to a pod through symlinks | 35 |
| A collection of Proof Of Concept exploits and demonstrations | 17 |
| An example C program demonstrating common types of vulnerabilities, designed to be fuzzed using various tools. | 681 |
| This project demonstrates a remote code execution vulnerability in a popular JSON parsing library using a crafted input to exploit the RMI protocol. | 66 |
| Exploits a remote code execution vulnerability in WebLogic Coherence using Java | 178 |
| A Rails and AngularJS application demonstrating authentication and RESTful API architecture | 124 |
| A demo project to integrate the SecTester JS SDK framework into unit tests and CI pipelines for vulnerability testing | 0 |
| A tool that exploits vulnerabilities in web servers to execute arbitrary code | 9 |