https://github.com/fynch3r/Gadgets

Java反序列化漏洞利用链补全计划，仅用于个人归纳总结。
https://github.com/fynch3r/Gadgets

Last synced: about 1 month ago
JSON representation

Java反序列化漏洞利用链补全计划，仅用于个人归纳总结。

• Host: GitHub
• URL: https://github.com/fynch3r/Gadgets
• Owner: fynch3r
• License: mit
• Created: 2021-05-11T07:48:58.000Z (over 3 years ago)
• Default Branch: master
• Last Pushed: 2021-12-03T10:42:43.000Z (almost 3 years ago)
• Last Synced: 2024-05-13T19:35:27.130Z (4 months ago)
• Language: Java
• Homepage:
• Size: 136 KB
• Stars: 434
• Watchers: 7
• Forks: 39
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-hacking-lists - fynch3r/Gadgets - Java反序列化漏洞利用链补全计划，仅用于个人归纳总结。 (Java)

README

        
# Gadgets

[![Page Views Count](https://badges.toozhao.com/badges/01F7NNRQH1QEEJVY4HA933246X/blue.svg)](https://badges.toozhao.com/stats/01F7NNRQH1QEEJVY4HA933246X "Get your own page views count badge on badges.toozhao.com")

# 免责声明

*本项目实质为**已知**漏洞复现，为个人代码审计过程的记录。*

# 同步分析博客

[Java反序列化利用链补全计划](https://0range228.github.io/Java%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%88%A9%E7%94%A8%E9%93%BE%E8%A1%A5%E5%85%A8%E8%AE%A1%E5%88%92/)

# 目前支持

- URLDNS

- CC1_TransformedMap

- CC1_LazyMap

- CC2_TransformingComparator

- CC2_TemplatesImpl

- CC3_TrAXFilter

- CC4_PriorityQueue

- CC5_BadAttributeValueExpException

- CC5_InstantiateTransformer

- CC5_TemplatesImpl

- CC6_HashMap

- CC6_InstantiateTransformer

- CC6_TemplatesImpl

- CC7_Hashtable

- CC7_InstantiateTransformer

- 7u21

- 8u20

- XStream_CVE_2013_7285

- XStream_CVE_2020_26217

- XStream_CVE_2020_26259

- XStream_CVE_2021_21344

- XStream_CVE_2021_21345

- XStream_CVE_2021_21346

- XStream_CVE_2021_21347

- XStream_CVE_2021_21350

- XStream_CVE_2021_21351

- ...

梳理不易，欢迎issue & follow & star ！ 

ps. 最近太忙了，家人们，会尽力抽空更新......