CVEs-PoC/2016/CVE-2016-2510.md at eb8fb22b51df9332dc1ec68d0bcaedfdbefed8cd

mirror of https://github.com/0xMarcio/cve.git synced 2026-03-11 17:06:06 +00:00

Files

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.

POC

Reference

https://github.com/frohoff/ysoserial/pull/13
https://www.oracle.com/security-alerts/cpuoct2020.html

Github

https://github.com/AdeliaNitzsche/Java-Deserialization-Cheat-Sheet
https://github.com/BrittanyKuhn/javascript-tutorial
https://github.com/GrrrDog/Java-Deserialization-Cheat-Sheet
https://github.com/PalindromeLabs/Java-Deserialization-CVEs
https://github.com/duangsuse-valid-projects/DBeanShell-obsoleted
https://github.com/klausware/Java-Deserialization-Cheat-Sheet
https://github.com/mishmashclone/GrrrDog-Java-Deserialization-Cheat-Sheet
https://github.com/rebujacker/WebRCEPoCs

1.2 KiB Raw Blame History

CVE-2016-2510

Description

POC

Reference

Github

1.2 KiB

Raw Blame History