CVEs-PoC/2016/CVE-2016-2510.md at 71b0cee710ed54e668d68c977dc8a01eece35241

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-10 11:57:37 +02:00

Files

T

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

POC

Reference

https://github.com/frohoff/ysoserial/pull/13
https://www.oracle.com/security-alerts/cpuoct2020.html

Github

https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
https://github.com/BrittanyKuhn/javascript-tutorial
https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
https://github.com/PalindromeLabs/Java-Deserialization-CVEs
https://github.com/duangsuse-valid-projects/DBeanShell-obsoleted
https://github.com/klausware/Java-Deserialization-Cheat-Sheet
https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet
https://github.com/rebujacker/WebRCEPoCs

1.2 KiB Raw Blame History

CVE-2016-2510

Description

POC

Reference

Github

1.2 KiB

Raw Blame History