issues
search
wh1t3p1g
/
ysomap
A helpful Java Deserialization exploit framework.
Apache License 2.0
1.17k
stars
150
forks
source link
issues
Newest
Newest
Most commented
Recently updated
Oldest
Least commented
Least recently updated
Bump org.apache.tomcat:tomcat-catalina from 8.0.36 to 8.5.96 in /core
#60
dependabot[bot]
opened
6 months ago
0
Bump com.alibaba:hessian-lite from 3.2.12 to 3.2.13 in /core
#59
dependabot[bot]
opened
7 months ago
0
使用payload生成时提示com.thoughtworks.xstream.converters.ConversionException: Security alert. Marshalling rejected.
#58
bakabakaba
closed
7 months ago
2
CommonsCollections3 生成POC时 出现 Bullet Type Not Match 错误
#57
winezer0
closed
8 months ago
2
Bump org.springframework:spring-context from 4.3.16.RELEASE to 5.2.22.RELEASE in /core
#56
dependabot[bot]
opened
8 months ago
0
ShiroRCE1 exploit AES过程错误
#54
BBQM1911
closed
7 months ago
1
DELETED
#53
arghyac35
closed
10 months ago
0
修改Session,为特定payload增添wrapped选项
#52
whocansee
closed
1 year ago
2
添加了新Gadget,修复了一个Exploit
#51
whocansee
closed
1 year ago
10
Hessian XString deserialisation stack trace
#50
br-sn
closed
1 year ago
6
报错
#49
Huuuuuaaaa
closed
1 year ago
3
Bump commons-fileupload from 1.3.1 to 1.5 in /core
#48
dependabot[bot]
closed
1 year ago
1
Bump spring-web from 4.3.16.RELEASE to 6.0.0 in /core
#47
dependabot[bot]
closed
1 year ago
1
Bump jackson-databind from 2.9.5 to 2.12.7.1 in /core
#46
dependabot[bot]
closed
1 year ago
1
添加通过dnslog探测类
#45
Ar3h
closed
1 year ago
1
Bump jackson-databind from 2.9.5 to 2.13.4.1 in /core
#44
dependabot[bot]
closed
1 year ago
1
请问一下如何HashMap通过反射修改put方法,put进去的key
#43
halodoom
closed
2 years ago
3
Bump tomcat-catalina from 8.0.36 to 8.5.9 in /core
#42
dependabot[bot]
closed
2 years ago
1
add payload RMIConnectUnicastRef
#41
cokeBeer
closed
2 years ago
2
Bump mysql-connector-java from 5.1.47 to 8.0.28 in /core
#40
dependabot[bot]
closed
2 years ago
1
Bump fastjson from 1.2.58 to 1.2.83 in /core
#39
dependabot[bot]
closed
2 years ago
1
Bump xercesImpl from 2.9.1 to 2.12.2 in /core
#38
dependabot[bot]
closed
2 years ago
1
请问一下,如何对fastjson注入一个内存马
#37
laowang1026
opened
2 years ago
0
Bump jackson-databind from 2.12.2 to 2.12.6.1 in /core
#36
dependabot[bot]
closed
2 years ago
1
新增执行Class功能 可以执行任意Class代码
#35
BeichenDream
closed
2 years ago
0
Bump hessian from 4.0.0 to 4.0.2 in /core
#34
dependabot[bot]
closed
2 years ago
1
Hessian2 Add
#33
G0doot
closed
2 years ago
0
test for commit
#32
orleven
closed
2 years ago
0
add c2 loader
#31
orleven
closed
2 years ago
0
Revert "add socket echo payload info"
#30
wh1t3p1g
closed
2 years ago
0
Bump xstream from 1.4.17 to 1.4.19 in /core
#29
dependabot[bot]
closed
2 years ago
1
add socket echo payload info
#28
orleven
closed
2 years ago
0
Bump xercesImpl from 2.9.1 to 2.12.0 in /core
#27
dependabot[bot]
closed
2 years ago
1
Revert "add some new bullet by wh4am1"
#26
wh1t3p1g
closed
2 years ago
0
add some new bullet by wh4am1
#25
sf197
closed
2 years ago
0
infinite loop when run explot
#24
faitHme000123
closed
2 years ago
1
show options exception
#23
faitHme000123
closed
2 years ago
1
ReflectionHelper.newInstance应用面较小
#22
HYWZ36
closed
3 years ago
1
可以在 Release 里面提供一个编译好的 jar 包吗😂
#21
halozhy
closed
3 years ago
1
Bump xstream from 1.4.17 to 1.4.18 in /core
#20
dependabot[bot]
closed
2 years ago
1
Bump commons-fileupload from 1.3.1 to 1.3.3 in /core
#19
dependabot[bot]
closed
3 years ago
1
Could ysomap:cli:0.0.1-SNAPSHOT drop off redundant dependencies to loose weight?
#18
Celebrate-future
closed
3 years ago
0
生成序列化文件失败
#17
XuCcc
closed
3 years ago
1
请问一下:如果我想用shiro+JRMP+cb链或者cc链+注入一个内存马
#16
sv3nbeast
closed
3 years ago
3
CommonsBeanutils1生成ser后要怎么使用?
#15
maybe-why-not
closed
3 years ago
8
Bump mysql-connector-java from 5.1.47 to 8.0.16 in /core
#14
dependabot[bot]
closed
3 years ago
1
Bump xstream from 1.4.15 to 1.4.17 in /core
#13
dependabot[bot]
closed
3 years ago
1
Bump xstream from 1.4.15 to 1.4.16 in /core
#12
dependabot[bot]
closed
3 years ago
1
Bump xstream from 1.4.6 to 1.4.15 in /core
#11
dependabot[bot]
closed
3 years ago
1
Bump groovy from 2.4.3 to 2.4.21 in /core
#10
dependabot[bot]
closed
3 years ago
1
Next