irsl/struts-any-results irsl/struts-any-results

  • Stars
    star
    12
  • Rank 1,597,372 (Top 32 %)
  • Language
    Java
  • Created about 6 years ago
  • Updated about 6 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
irsl/struts-any-results
github

irsl

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Demonstrating why Dynamic Method Invocation with unrestricted method names (the old default of Struts) is dangerous.

More Repositories

1

gcp-dhcp-takeover-code-exec

Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent
Go
532
star
2

curlshell

reverse shell using curl
Python
444
star
3

ADB-Backup-APK-Injection

Android ADB backup APK Injection POC
138
star
4

dfwfw

Docker Firewall Framework
Perl
130
star
5

jackson-rce-via-spel

An example project that exploits the default typing issue in Jackson-databind via Spring application contexts and expressions
Java
121
star
6

CVE-2020-1313

Proof of concept exploit of Windows Update Orchestrator Service Elevation of Privilege Vulnerability
C++
120
star
7

Huawei-Hisuite-KobackupCipherTool

Tool to encrypt/decrypt backup packages created by Huawei Hisuite.
Java
51
star
8

CVE-2020-0728

Proof of Concept code for CVE-2020-0728
C++
46
star
9

apache-openoffice-rce-via-uno-links

35
star
10

php-bypass-disable-functions

Demo project how to bypass the disable_functions security control of PHP on Linux
PHP
24
star
11

microsoft-diagcab-rce-poc

Proof of concept about a path traversal vulnerability in Microsoft's Diagcab technology that could lead to remote code execution
Perl
22
star
12

CVE-2020-1967

Proof of concept exploit about OpenSSL signature_algorithms_cert DoS flaw (CVE-2020-1967)
19
star
13

lgosp-poc

LG On Screen Phone authentication bypass PoC (CVE-2014-8757)
Perl
14
star
14

golang-insecureskipverify-patch

Simple patcher tool to turn off TLS handshake validation in golang binaries
C
12
star
15

google-osconfig-privesc

Proof of concept about the privilege escalation flaw identified in Google's Osconfig
Python
10
star
16

CVE-2022-20128

Android Debug Bridge (adb) was vulnerable to directory traversal attacks that could have been mounted by rogue/compromised adb daemons during an adb pull operation.
Python
8
star
17

microsoft-diaghub-case-sensitivity-eop-cve

Proof of concept code about the Microsoft Diaghub case sensitivity Elevation of Privileges vulnerability
C#
8
star
18

tcp-http-proxy

A potential solution for OpenWRT + Mitmproxy
C
5
star
19

gnu-patch-vulnerabilities

The GNU patch utility was prone vulnerable to multiple attacks through version 2.7.6. You can find my related PoC files here.
5
star
20

mysql-load-data-local-abuse

Abusing MySQL's LOAD DATA LOCAL feature
Perl
4
star
21

golang-http2debug-onthefly

Tool to activate http2debug feature of golang on the fly.
Shell
3
star
22

go-reproto

An experimental tool to reconstruct proto definitions based on golang binaries
Perl
3
star
23

cloud-sql-auth-proxy-iam-mitm

PoC tool to demonstrate an MitM attack against Google's Cloud SQL authentication proxy product.
Go
2
star
24

pcap-proxy

A simple userland TCP proxy application that captures the network flow into a .pcap file
Perl
2
star
25

CVE-2022-3168-adb-unexpected-reverse-forwards

Proof of concept code to exploit flaw in adb that allowed opening network connections on the host to arbitrary destinations
Python
2
star
26

icedtea-web-vulnerabilities

Hosting proof of concept exploit code of the remote code execution vulnerabilities in the IcedTea-Web Java webstart implementation.
2
star
27

postgres-proxy-cloudsql-iam-vuln

A PoC proxy script that allowed me to extract access tokens from the Postgres wire messages in Google Cloud SQL.
Perl
1
star
28

cloud-shell-ssrf

Google Cloud Shell SSRF feature PoC tool
Python
1
star
29

grpcurl-for-android

gRPCurl precompiled binaries for Android
1
star
30

rdiff-backup

Simple docker image around rdiff-backup
Shell
1
star
31

raiffeisen-direktnet

Transaction parser for the Raiffeisen Direktnet banking website
Perl
1
star
32

hikvision-motion

SMTP server to receive HikVision camera/NVR notifications in order to post process the stream/images with GCP Vision AI (object tagging). Push notification to your device.
Python
1
star
33

p1x1

Open-source web application for cataloging and archiving private photos in S3 compatible stores, protecting content via a full-browser, client-side encryption logic.
TypeScript
1
star
34

proftpd-mysql-password

Support for MySQL PASSWORD() in Proftpd's SQLAuthTypes
C
1
star