SpringShell
hackerone-reports
SpringShell | hackerone-reports | |
---|---|---|
2 | 2 | |
128 | 3,205 | |
- | - | |
1.8 | 6.3 | |
about 2 years ago | 18 days ago | |
Python | Python | |
- | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
SpringShell
-
Spring Core on JDK9 is vulnerable to remote code execution
I'll ask my engineers to post the one he wrote. He did put more details into the article, so go check that. Here is a repo with a POC though: https://github.com/TheGejr/SpringShell
hackerone-reports
- GitHub - reddelexc/hackerone-reports: Top disclosed reports from HackerOne
-
XXE (XML External Entity) Attack & Prevention
There was an interesting case on Hackerone where the XMP metadata of a JPG file was getting parsed unsafely. There are many other interesting XXE bugs there as well if you want to take a look.
What are some alternatives?
Spring4Shell-POC - Spring4Shell Proof Of Concept/And vulnerable application CVE-2022-22965
reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
apache-tomcat-8.0.26-src - Tomcat Source Code
hackthebox - Notes Taken for HTB Machines & InfoSec Community.
PoC-CVE-2022-30190 - POC CVE-2022-30190 : CVE 0-day MS Offic RCE aka msdt follina
Exif-Maniac - Post Exploitation Framework via Exif Data in images
spring-rce-war
OWASP-Xenotix-XSS-Exploit-Framework - OWASP Xenotix XSS Exploit Framework is an advanced Cross Site Scripting (XSS) vulnerability detection and exploitation framework.
CVE-2021-40444 - CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit
jira-mobile-ssrf-exploit - Exploit code for Jira Mobile Rest Plugin SSRF (CVE-2022-26135)
Egyscan - Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that make Egyscan an indispensable tool in your security arsenal:
xsser - Cross Site "Scripter" (aka XSSer) is an automatic -framework- to detect, exploit and report XSS vulnerabilities in web-based applications.