Several XStream gadgets ported from ysoserial

Related tags



This repo contains several ysoserial gadgets, transformed into the XStream serialization format.

Original repo:

Some gadgets are uploaded in form of .xml, which has to be manually edited for the desired effect. Several gadgets need to be generated using the provided Java class.

Ported gadgets

Gadget                  Author                                  Format
------                  ------                                  ------
URLDNS                  @gebl                                   XML
JRMPClient              @mbechler                               XML
AspectJWeaver           @Jang                                   XML
CommonsBeanutils1       @frohoff                                Java
CommonsCollections2     @frohoff                                Java
CommonsCollections4     @frohoff                                Java
CommonsCollections6     @matthias_kaiser                        XML
CommonsCollections7     @scristalli, @hanyrax, @EdoardoVignati  XML
C3P0                    @mbechler                               XML


In order to run Java classes, you need:

  • xstream-1.4.17.jar (or any other version)
  • kxml2-2.3.0.jar
  • ysoserial.jar (see repo provided in the beginning of this README)
Apache/Alibaba Dubbo <= 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Data; Affects Versions <= 2.7.6 With Different Gadgets

The 0xDABB of Doom - CVE-2021-25641-Proof-of-Concept Apache/Alibaba Dubbo <= 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Da

Dor Tumarkin 35 Sep 3, 2021
☕️ Java Security,安全编码和代码审计

☕️ Hello Java Sec Java漏洞平台,结合漏洞代码和安全编码,帮助研发同学理解和减少漏洞 默认账号:admin/admin Vulnerability SQLi XSS RCE Deserialize SSTI SpEL SSRF Directory Traversal Redire

nul1 176 Sep 14, 2021
Rewrite of the dataconverter system for performance.

DataConverter This mod completely rewrites the dataconverter system for Minecraft. Please note that this fabric mod is not to be used. It is published

null 23 Sep 1, 2021
Korean Sentence Splitter

Korean Sentence Splitter Split Korean text into sentences using heuristic algorithm. 1. Installation Maven <dependency> <groupId>io.github.sangdee</

Sangji Lee 27 Aug 26, 2021
Java Design Patterns code examples

Java Design Patterns code examples Behavioral In software engineering, behavioral design patterns are design patterns that identify common communicati

Gaboso™ 3 Aug 13, 2021
Event promoted by DevSuperior to improve the best practices of Spring with Java and has React JS as an additional.

Semana-Spring-React (sds3.0) Introduction SDS3 is an event promoted by DevSuperior which aims to help students and programming professionals to enter

Gilson Vieira de Souza 6 Jul 15, 2021
A repository that contains the backend part of the Human Resources Management System.

Human Resources Management System Backend A human resources management system is a form of human resources (HR) software that combines several systems

Bulent Baris Kilic 15 Aug 4, 2021
🎒 💻 Material for Computer Club Classes

MNNIT Computer Coding Club This repository contains the codes, support links and other relevant materials for every class under Computer Coding Club,

MNNIT Computer Club 60 Sep 13, 2021
A Graphics2D implementation targeting Skija as a backend.

SkijaGraphics2D Version 1.0.2, 4 August 2021 Overview SkijaGraphics2D is an implementation of Java2D's Graphics2D API that targets Skia via the Skija

David Gilbert 21 Sep 3, 2021
DataspaceConnector project

Project The Data Appliance GX project is intended as a proving ground for GAIA-X and data transfer techologies. Getting Started The project requires J

null 13 Sep 17, 2021