Lucene search
K
GiteeMost viewed

1886 matches found

Gitee
Gitee
added 2021/11/08 5:5 p.m.10 views

Exploit for Deserialization of Untrusted Data in Fasterxml Jackson-Databind

CVE-2020-8840 Jackson-databind远程代码执行漏洞(CVE-2020-8840)分析复现环境代码。 项目包含: jackson-databind、Fastjson中payload WebServer恶意类 编译好的marshalsec-0.0.3-SNAPSHOT-all.jar 漏洞简介 Jackson-databind远程代码执行漏洞(CVE-2020-8840),攻击者可利用xbean-reflect的利用链(org.apache.xbean.propertyeditor.JndiConverter)触发JNDI远程类加载从而达到远程代码执行。...

9.8CVSS8.9AI score0.26587EPSS
Exploits5
Gitee
Gitee
added 2021/10/12 8:51 p.m.10 views

Exploit for Off-by-one Error in Sudo_Project Sudo

PoC exploit for CVE-2021-3156, an exploit module targeting the WangluoAnquan framework. The exploit is designed to demonstrate the vulnerability in the framework's UploadHandler.ashx component, which allows for arbitrary file uploads. The exploit uses a simple form submission to upload a maliciou...

7.8CVSS8.3AI score0.99295EPSS
Exploits81
Gitee
Gitee
added 2021/10/04 5:34 p.m.10 views

exploitdb

This is an official repository of The Exploit Database, a project sponsored by Offensive Security. The repository contains exploits, shellcodes, and papers for various vulnerabilities in different software and systems. The exploits are categorized by operating system and vulnerability type, and c...

7.7AI score
Exploits0
Gitee
Gitee
added 2021/09/27 2:38 p.m.10 views

Exploit for Off-by-one Error in Sudo_Project Sudo

PoC exploit for CVE-2021-3156, a heap-based buffer overflow in Sudo. The target product/service is Sudo, a Unix command to execute a command with superuser root privileges. The vulnerability class/vector is a heap-based buffer overflow. Notable dependencies/tooling include the Qualys Security...

7.8CVSS8.2AI score0.99295EPSS
Exploits81
Gitee
Gitee
added 2021/09/11 3:12 a.m.10 views

Exploit for CVE-2020-1938

This is a proof-of-concept PoC exploit for CVE-2020-1938, a vulnerability in Apache Tomcat's AJP protocol. The exploit is written in Python and utilizes the ajpy library to interact with the AJP protocol. The exploit targets the Local File Inclusion LFI vulnerability in Tomcat, allowing an attack...

9.8CVSS7.3AI score0.9927EPSS
Exploits45
Gitee
Gitee
added 2021/07/24 2:28 p.m.10 views

Exploit for Code Injection in Drupal

Drupal 远程代码执行漏洞(CVE-2018-7602) 影响软件:drupal 方式:对URL中的进行编码两次,绕过sanitize函数过滤 效果:任意命令执行 漏洞环境 执行如下命令启动drupal 7.57的环境: bash docker-compose up -d 环境启动后,访问 http://your-ip:8081/ 将会看到drupal的安装页面,一路默认配置下一步安装。因为没有mysql环境,所以安装的时候可以选择sqlite数据库。 漏洞复现 参考pimps/CVE-2018-7600的PoC。 如下图所示,执行以下命令即可复现该漏洞。示例命令为...

9.8CVSS7AI score0.99993EPSS
Exploits58
Gitee
Gitee
added 2021/04/22 12:40 p.m.10 views

Hack-Tools

This is an offensive tool for Web Pentesters. It is a browser extension called HackTools, which facilitates web application penetration tests. The extension includes cheat sheets and tools such as XSS payloads, reverse shells, and more, accessible in one click. It can be used in pop-up mode or in...

6.5AI score
Exploits0
Gitee
Gitee
added 2021/02/15 9:1 p.m.10 views

Exploit for Use After Free in Microsoft

微软3389远程漏洞CVE-2019-0708批量检测工具 0x001 Win下检测 https://github.com/robertdavidgraham/rdpscan C:\Users\K8team\Desktop\rdpscan-master\vs10\Release 的目录 2019/06/02 02:11 DIR . 2019/06/02 02:11 DIR .. 2019/06/02 01:55 2,582,016 libcrypto-11.dll 2019/06/02 01:57 619,520 libssl-11.dll 2019/06/02 02:04 172,03...

10CVSS7AI score0.99999EPSS
Exploits123
Gitee
Gitee
added 2021/01/18 5:38 p.m.10 views

Exploit for Out-of-bounds Write in Php

This is an exploit for a bug in php-fpm CVE-2019-11043. The bug is possible to trigger from the outside in certain nginx + php-fpm configurations, allowing a web user to execute code if the configuration is vulnerable. The exploit works by setting the PHPVALUE path info to a malicious value, whic...

9.8CVSS8.2AI score0.9947EPSS
Exploits54
Gitee
Gitee
added 2020/09/03 10:24 p.m.10 views

Exploit for Out-of-bounds Write in Php

This is an exploit module for a bug in php-fpm CVE-2019-11043. The bug allows a web user to execute code on a vulnerable server if the server has a specific configuration. The exploit targets the PHP 7+ versions, but the bug itself is present in earlier versions. The exploit works by setting the...

9.8CVSS7.7AI score0.9947EPSS
Exploits54
Gitee
Gitee
added 2020/09/03 10:32 a.m.10 views

Exploit for Out-of-bounds Write in Php

It is an exploit module/toolkit targeting a remote code execution vulnerability. The target product/service or framework is php-fpm and Nginx. The vulnerability class/vector is remote code execution RCE. The probable entry point is not specified. Notable dependencies/tooling include Python and...

9.8CVSS8.7AI score0.9947EPSS
Exploits54
Gitee
Gitee
added 2020/08/26 7:50 p.m.10 views

Exploit for CVE-2020-1938

It is an exploit module for CNVD-2020-10487 CVE-2020-1938, a file read vulnerability in Tomcat AJP. The vulnerability allows an attacker to read files on the server by sending a specially crafted AJP request. The exploit is implemented in Python 2.7 and uses the ajpy library to interact with the...

9.8CVSS6.7AI score0.9927EPSS
Exploits45
Gitee
Gitee
added 2020/08/09 11:3 a.m.10 views

Exploit for CVE-2015-0273

phpcodz Php Codz Hacking http://www.80vul.com/pch/ What is PHP? PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. If you are new to PHP and want to get some idea of how it works, try the introductory tutorial. Afte...

10CVSS6.9AI score0.41315EPSS
Exploits13
Gitee
Gitee
added 2020/07/30 7:50 p.m.10 views

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly mentioned, but the repository contains various vulnerable environments, including ones related to CVE-2016-9086, CVE-2017-1000353, CVE-2013-4547, and CVE-2018-1000006. The target...

9.8CVSS8.2AI score0.99686EPSS
Exploits53
Gitee
Gitee
added 2020/07/01 4:26 p.m.10 views

Exploit for CVE-2017-0144

PoC exploit for CVE-2017-0144, also known as Eternalblue-Doublepulsar. This Metasploit module exploits the vulnerability to install a Doublepulsar backdoor on a Windows system. The module targets the SMB protocol, specifically the Ring 0 SMB TCP 445 backdoor. The exploit is designed to run on...

9.3CVSS6.9AI score0.9923EPSS
Exploits55
Gitee
Gitee
added 2020/06/01 10:51 p.m.10 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

It is an offensive tool for Java. This repository contains a proof-of-concept PoC exploit for CVE-2020-9484, a vulnerability in the Apache Commons Collections library for Java. The exploit is designed to demonstrate the vulnerability and is not intended for malicious use. The exploit is implement...

7CVSS7.5AI score0.56636EPSS
Exploits15
Gitee
Gitee
added 2020/04/26 9:31 a.m.10 views

Exploit for CVE-2017-0144

PoC exploit for CVE-2017-0144 Eternalblue-Doublepulsar. The target product/service is Windows operating system, specifically the SMB Server Message Block protocol. The vulnerability class/vector is a remote code execution RCE vulnerability, which allows an attacker to execute arbitrary code on th...

9.3CVSS8.7AI score0.9923EPSS
Exploits55
Gitee
Gitee
added 2020/04/09 5:52 p.m.10 views

Exploit for CVE-2013-0422

K8tools 20190521 声明: 工具仅供安全研究或授权渗透,非法用途后果自负。 博客: https://www.cnblogs.com/k8gege 下载: https://github.com/k8gege/K8tools PS: 不定期更新,文件比较大,可按需下载。工具有BUG或建议可直接Github上留言 提权工具均可在远控Cmd或WebShell运行,大部份经过修改编译兼容性稳定性更好 注意:不保证永久有效,喜欢自行保存。 综合工具 + 综合工具 K8飞刀Final.rar + K8data.mdb K8飞刀漏洞数据库20190402 + K8expList.txt...

10CVSS9.1AI score0.99448EPSS
Exploits97
Gitee
Gitee
added 2020/04/08 2:1 p.m.10 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Gitlab

It is an offensive tool for vulnerability research and education. The primary CVE ID is not explicitly mentioned, but the repository contains various vulnerable environments based on Docker-Compose, including ones for CVE-2016-9086, CVE-2017-1000353, and CVE-2018-1000006. The target product/servi...

9.8CVSS9.7AI score0.99686EPSS
Exploits53
Gitee
Gitee
added 2020/03/30 7:11 a.m.10 views

Exploit for CVE-2017-0213

windows-kernel-exploits 简介 windows-kernel-exploits 漏洞列表 Security Bulletin KB Description Operating System - MS17-017 KB4013081 GDI Palette Objects Local Privilege Escalation windows 7/8 - CVE-2017-8464 LNK Remote Code Execution Vulnerability windows 10/8.1/7/2016/2010/2008 - CVE-2017-0213...

9.3CVSS7.5AI score0.90026EPSS
Exploits32
Gitee
Gitee
added 2020/03/29 4:51 p.m.10 views

Exploit for CVE-2018-8581

CVE-2018-8581 这是一个邮箱层面的横向渗透和提权漏洞 它可以在拥有了一个普通权限邮箱账号密码后,完成对其他用户包括域管理员邮箱收件箱的委托接管 本EXP脚本是在原PoC基础上修改的增强版一键脚本,它将在配置好相关参数后,自动完成目标邮箱inbox收件箱的添加委托和删除委托操作,以方便甲方安全部门和红队对授权企业完成一次模拟攻击过程 原PoC是两个脚本配合使用完成添加收信规则的操作,在甲方红队实际工作中不怎么实用,而原PoC除了需要邮箱外,还需要设置目标邮箱用户的SID,但在参考文章中提到的获取用户SID的方法,我在实际环境中测试Exchange Server...

7.4CVSS7AI score0.27558EPSS
Exploits7
Gitee
Gitee
added 2020/03/23 3:45 p.m.10 views

Exploit for Improper Input Validation in Jenkins

hackUtils It is a hack tool kit for pentest and web security research, which is based on BeautifulSoup bs4 module http://www.crummy.com/software/BeautifulSoup/bs4/. Usage: hackUtils.py options Options: -h, --help Show basic help message and exit -b keyword, --baidu=keyword Fetch URLs from Baidu...

9CVSS7.6AI score0.82697EPSS
Exploits23
Gitee
Gitee
added 2020/02/05 1:43 a.m.10 views

Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server

ysoserial-cve-2018-2628 0x1. 准备工作 - 准备好POC脚本及Payload Object生成、JRMPListener运行所需软件环境 Python 2.7.x Oracle Java SE 1.7+ - 准备好一套安装好Patch Set Update 180417补丁的WebLogic Server 10.3.6环境(仅有AdminServer即可) 如果有现成的、已经安装好这个PSU版本的WebLogic环境,则可跳过这一步。 - 准备好POC工具 从本项目里下载POC脚本(wls-cve-2018-2628-poc.py)...

9.8CVSS6.9AI score0.99448EPSS
Exploits77
Gitee
Gitee
added 2020/02/04 1:43 p.m.10 views

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

It is an open-source collection of pre-built vulnerable docker environments. The primary CVE ID is not explicitly mentioned, but the repository contains various vulnerable environments based on Docker-Compose, including ones for CVE-2016-9086, CVE-2013-4547, and CVE-2017-1000353. The target...

9.8CVSS7.5AI score0.99686EPSS
Exploits45
Gitee
Gitee
added 2019/09/04 8:16 a.m.10 views

Exploit for Improper Input Validation in Jenkins

hackUtils It is a hack tool kit for pentest and web security research, which is based on BeautifulSoup bs4 module http://www.crummy.com/software/BeautifulSoup/bs4/. Usage: hackUtils.py options Options: -h, --help Show basic help message and exit -b keyword, --baidu=keyword Fetch URLs from Baidu...

9CVSS7.6AI score0.82697EPSS
Exploits23
Gitee
Gitee
added 2018/08/03 9:28 a.m.10 views

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

This repository is an offensive tool for a vulnerability environment. It is a collection of Docker Compose files for various vulnerabilities, allowing users to easily set up and test vulnerable environments. The repository includes files for vulnerabilities such as CVE-2016-9086, CVE-2017-1000353...

9.8CVSS7.1AI score0.99686EPSS
Exploits45
Gitee
Gitee
added 2018/02/23 12:32 p.m.10 views

Exploit for Improper Input Validation in Joomla Joomla\!

CMS-Hunter 简介 Content Management System Vulnerability Hunter 说明:目前来看,本项目会进行长期维护,有修改的建议或者想法欢迎联系作者。 CMS 漏洞列表 Discuz - Discuz<3.4birthprovince前台任意文件删除 DedeCMS - DedeCMSv5.7shopsdelivery存储型XSS - DedeCMSv5.7carbuyaction存储型XSS - DedeCMSv5.7友情链接CSRFGetShell Drupal - Drupal远程代码执行漏洞CVE-2017-6920 Struts -...

9.8CVSS7AI score0.99826EPSS
Exploits39
Gitee
Gitee
added 2017/08/29 5:54 p.m.10 views

Exploit for CVE-2017-8570

Based on the provided context, here is a summary of the analysis: Classification: Exploit toolkit for CVE-2017-8570, a Microsoft Office PPSX RCE vulnerability. Primary Functionality: The toolkit generates a malicious PPSX file and delivers a payload either local or remote to the victim. Key...

9.3CVSS8.1AI score0.89889EPSS
Exploits14
Gitee
Gitee
added 2023/09/08 9:54 a.m.9 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Iphone_Os

CVE-2018-4407 is a heap buffer overflow vulnerability in the XNU operating system kernel, affecting both iOS and macOS. The vulnerability can lead to a denial-of-service DOS attack. The exploit is a simple and fast BOF Buffer Overflow attack that can be launched using the provided Python script...

8.8CVSS7.3AI score0.2201EPSS
Exploits11
Gitee
Gitee
added 2023/05/01 12:0 a.m.9 views

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

This is a repository for Vulhub, a collection of vulnerable environments for testing and learning about web application security. The repository contains a variety of vulnerable environments, including web servers, databases, and applications, which can be used to test and demonstrate various typ...

9.8CVSS7AI score0.99686EPSS
Exploits53
Gitee
Gitee
added 2023/02/18 2:38 p.m.9 views

Exploit for SQL Injection in Zabbix

It is an offensive tool for Vulnerability Exploitation and Research. The repository contains a collection of vulnerability exploitation tools and research materials, including exploits for various vulnerabilities, proof-of-concept PoC code, and research notes. The tools are organized by...

9.8CVSS7.4AI score0.83284EPSS
Exploits28
Gitee
Gitee
added 2022/08/01 10:25 p.m.9 views

Exploit for Server-Side Request Forgery in Grafana

This is a PoC Proof of Concept repository for various web vulnerabilities, specifically SQL injection and SSRF Server-Side Request Forgery vulnerabilities. The repository contains a list of vulnerabilities, including: CVE-2021-21315: Node.js command injection vulnerability CVE-2020-13379: Grafana...

8.2CVSS8.1AI score0.99856EPSS
Exploits8
Gitee
Gitee
added 2022/02/16 2:54 p.m.9 views

Exploit for Out-of-bounds Write in Polkit_Project Polkit

PoC exploit for CVE-2021-4034, a local privilege escalation vulnerability in Polkit's pkexec. The repository contains Python code that exploits this vulnerability to gain root privileges. The code is based on the original C code by blasty and uses the msfvenom payload generator to create a shared...

7.8CVSS7.6AI score0.94921EPSS
Exploits151
Gitee
Gitee
added 2022/02/13 5:32 p.m.9 views

Exploit for Out-of-bounds Write in Polkit_Project Polkit

This repository is a proof-of-concept PoC exploit for CVE-2021-4034, a vulnerability in the polkit privilege escalation exploit. The exploit is implemented in C and uses the execve system call to execute a shell with elevated privileges. The vulnerability is related to the way polkit handles user...

7.8CVSS8AI score0.94921EPSS
Exploits151
Gitee
Gitee
added 2022/02/11 3:10 p.m.9 views

Exploit for Classic Buffer Overflow in Openssl

Vulnerabilityrecurrence-漏洞复现 介绍 复现部分与汽车网络安全相关的漏洞. 软件架构 - OpenSSL CVE-2021-3711 SM2 Decryption Buffer Overflow 使用说明 1. 请参考各分部分 readme 文件. 2. 所有内容搜集于网路,请勿用于非法途径,仅供学习参考. 参与贡献 1. Fork 本仓库 2. 新建 Featxxx 分支 3. 提交代码 4. 新建 Pull Request...

9.8CVSS7.1AI score0.87816EPSS
Exploits1
Gitee
Gitee
added 2021/12/16 11:25 a.m.9 views

Exploit for Privilege Context Switching Error in Canonical Ubuntu_Linux

PoC exploit for CVE-2021-3493, a local privilege escalation vulnerability in Ubuntu OverlayFS. The target is the Linux kernel, specifically the overlayfs file system, which did not properly validate the application of file system capabilities with respect to user namespaces. A local attacker coul...

8.8CVSS6.7AI score0.43988EPSS
Exploits27
Gitee
Gitee
added 2021/12/11 12:59 a.m.9 views

Exploit for Off-by-one Error in Sudo_Project Sudo

This is a PoC Proof of Concept exploit for the CVE-2021-3156 vulnerability in the sudo package. The vulnerability is a heap-based buffer overflow that can be exploited to gain elevated privileges. The exploit is written in C and uses a brute-force approach to identify the correct offset and...

7.8CVSS7.9AI score0.99295EPSS
Exploits81
Gitee
Gitee
added 2021/11/15 10:1 p.m.9 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2020-0796 PoC exploit for SMBGhost vulnerability in Windows 10 1903/1909's SMB3 compression capability. This PoC connects to the target host, compresses the authentication request with a bad offset field set in the transformation header, causing the decompressor to buffer overflow and crash t...

10CVSS9.6AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2021/10/05 9:50 p.m.9 views

Exploit for Files or Directories Accessible to External Parties in Apache Flink

Based on the provided code and analysis, here is a summary of the vulnerabilities: 1. Apache Flink 1.9.x Jar Upload RCE: This vulnerability allows an attacker to upload a malicious JAR file to the Apache Flink server, which can lead to arbitrary command execution and reverse shell. The affected...

9.1CVSS7.4AI score0.97856EPSS
Exploits14
Gitee
Gitee
added 2021/08/16 4:49 p.m.9 views

Exploit for Improper Restriction of XML External Entity Reference in Apache Solr

注意: 切勿利用本工具对未授权的网站进行非法攻击。由此产生的法律后果由使用者自行承担!!! 软件更新早知道 下一版本将补weblogic漏洞将新增spring data Spring Cloud 漏洞敬请期待!!!! AttackWebFrameworkTools 1.0 2021-03-06 AttackWebFrameworkTools For RedTeam 更新状态日志: 2021-03-28 新增 CNVD-2021-10543 MessageSolution信息泄露漏洞,新增Apache OFBiz...

10CVSS8.7AI score0.99898EPSS
Exploits107
Gitee
Gitee
added 2021/07/20 4:31 p.m.9 views

Exploit for CVE-2020-1938

CVE-2020-1938Tomcat-fileinclude and filered Tomcat的文件包含及文件读取漏洞利用POC 文件读取 Usage :python2 "Tomcat-ROOT路径下文件读取CVE-2020-1938.py" -p 8009 -f /test.txt 127.0.0.1 文件包含 Usage :python2 "Tomcat-ROOT路径下文件包含CVE-2020-1938.py" -p 8009 -f /test.txt 127.0.0.1 复现详情:http://www.svenbeast.com/post/fqSI9laE8/ img:...

9.8CVSS7AI score0.9927EPSS
Exploits45
Gitee
Gitee
added 2021/07/06 2:8 p.m.9 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

This repository contains a collection of Python scripts for various tasks, including password cracking, port scanning, URL to IP conversion, file deduplication, and vulnerability scanning. The scripts are designed to be used for educational purposes, as indicated by the author's blog and the...

10CVSS6.9AI score0.9981EPSS
Exploits125
Gitee
Gitee
added 2021/06/09 7:19 p.m.9 views

Exploit for SQL Injection in Djangoproject Django

CVE-2020-7471 这个仓库提供 CVE-2020-7471 Potential SQL injection via StringAggdelimiter 漏洞的环境和 POC 受影响的 django 版本 - 1.11 到 1.11.28(不含) - 2.2 到 2.2.10(不含) - 3.0 到 3.0.3(不含) 下载使用前需要如下操作: 1. 安装 django 漏洞版本,我测试用的是 python pip install django==3.0.2 -i https://pypi.tuna.tsinghua.edu.cn/simple 2. 参考...

9.8CVSS9.3AI score0.65336EPSS
Exploits9
Gitee
Gitee
added 2021/06/08 9:12 p.m.9 views

Exploit for SQL Injection in Zabbix

This repository is an offensive tool for various vulnerability exploitation and testing. It contains a collection of tools and scripts for identifying and exploiting vulnerabilities in various software and systems. The repository includes tools for testing web applications, network services, and...

9.8CVSS8.1AI score0.83284EPSS
Exploits28
Gitee
Gitee
added 2021/04/14 11:8 p.m.9 views

Exploit for Off-by-one Error in Sudo_Project Sudo

This is a Python-based exploit for the CVE-2021-3156 vulnerability in sudo. The exploit targets Linux systems with glibc and nscd service not running. It overwrites the struct serviceuser to gain root privileges. The exploit has several variants, including: 1. exploitnss.py: This is the main...

7.8CVSS7.7AI score0.99295EPSS
Exploits81
Gitee
Gitee
added 2021/03/29 10:15 a.m.9 views

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

It is an offensive tool for various areas. The repository contains a collection of vulnerable docker environments, including: CouchDB FFmpeg Git InfluxDB Jenkins Nginx Oracle Java Apache HTTP Server GitLab FastJSON Jenkins Electron The vulnerabilities include: CVE-2016-9086 GitLab CVE-2016-10134...

9.8CVSS7.5AI score0.99686EPSS
Exploits74
Gitee
Gitee
added 2021/03/19 10:7 a.m.9 views

Exploit for CVE-2021-3129

CVE-2021-3129 Laravel debug rce 食用方法 执行docker-compse up -d启动环境 访问8888端口后点击首页面的generate key就可以复现了 关于docker环境想说的几点: - 把.env.example复制到.env作用是开启debug环境 - 关闭了php.ini的phar.readonly - 在resources/view/里添加了一个hello模板并引用了一个未定义变量,同时在routes/web.php添加路由这个我加在源码里了,没写dockerfile里 复现效果 脚本已放出,脚本要和phpggc项目文件夹在同一级目录下...

9.8CVSS9.9AI score0.99943EPSS
Exploits36
Gitee
Gitee
added 2021/01/24 10:45 a.m.9 views

Exploit for Deserialization of Untrusted Data in Microsoft

CVE-2020-17144-EXP 条件: Exchange2010; 普通用户 默认用法写webshell: CVE-2020-17144-EXP.exe mail.example.com user pass 执行命令 & 端口复用: 修改ExploitClass.cs 参考 @zcgonvh...

8.8CVSS9.4AI score0.36514EPSS
Exploits4
Gitee
Gitee
added 2020/12/08 4:37 p.m.9 views

Exploit for CVE-2020-2551

CVE-2020-2551 Weblogic IIOP 反序列化 测试环境 Weblogic10.3.6+jdk1.6 打包好的jar包 提取码:a6ob 漏洞利用 下载jar包,然后使用marshalsec起一个恶意的RMI服务,本地编译一个exp.java java package payload; import java.io.IOException; public class exp public exp String cmd = "curl http://172.16.1.1/success"; try...

9.8CVSS9.5AI score0.93168EPSS
Exploits18
Gitee
Gitee
added 2020/11/10 8:43 p.m.9 views

dahua

This is a collection of proof-of-concept PoC exploit code and research notes for various vulnerabilities in IP cameras and other network devices. The code is written in Python and C, and the notes provide information on the vulnerabilities, including the attack vector, authentication requirements...

8.5AI score
Exploits0
Total number of security vulnerabilities1886