Security "Re-searcher"
Blog: Y4er.com
Team: ChaBug
Twitter: @Y4er_ChaBug
y4er / cve-2020-2555 Goto Github PK
View Code? Open in Web Editor NEWWeblogic com.tangosol.util.extractor.ReflectionExtractor RCE
License: MIT License
cve-2020-2555's Introduction
cve-2020-2555's People
Contributors
Stargazers
Watchers
Forkers
shahid1996 doanhnhq 1f3lse xichawai lubyruffy 5l1v3r1 harry1080 a11en4 ramos-dev sry309 aaq1adqwe rockmelodies kikaylee findlakes marsmanchina fbion m4tir functfan 02bx whizsail blbana ahrendsschmidt yuxiaoyou123 libraggbond r4c0box r4b3rt omiter w20di crackercat mantouxiao zjiehu c0d1007 kakakpy useafter greatspider135 cve-vuln 3453-315h uuuunotfound seiry vv4r1ock 0xjamesli killvxk johnhubcr cmbchina1 fdlucifer madusec luoyeatl atlassion crj0b 30579096 nyx2022 nanaao mssky9527 werwolfz hinat0ycve-2020-2555's Issues
instructions to build serialized object (exp.ser)
Hi,
Would it be possible to post the instructions on how to build the serialized object (evil object) or maybe create a 'Makefile' to auto-build the project?
Thanks!
issue when trying to build serialized object with CVE_2020_2555.java
javac CVE_2020_2555.java
CVE_2020_2555.java:5: error: package com.supeream.serial does not exist
import com.supeream.serial.Serializables;
^
CVE_2020_2555.java:6: error: package com.supeream.weblogic does not exist
import com.supeream.weblogic.T3ProtocolOperation;
^
CVE_2020_2555.java:7: error: package com.tangosol.util.extractor does not exist
import com.tangosol.util.extractor.ChainedExtractor;
^
CVE_2020_2555.java:8: error: package com.tangosol.util.extractor does not exist
import com.tangosol.util.extractor.ReflectionExtractor;
^
CVE_2020_2555.java:9: error: package com.tangosol.util.filter does not exist
import com.tangosol.util.filter.LimitFilter;
^
CVE_2020_2555.java:38: error: cannot find symbol
ReflectionExtractor extractor1 = new ReflectionExtractor(
^
symbol: class ReflectionExtractor
location: class CVE_2020_2555
CVE_2020_2555.java:38: error: cannot find symbol
ReflectionExtractor extractor1 = new ReflectionExtractor(
^
symbol: class ReflectionExtractor
location: class CVE_2020_2555
CVE_2020_2555.java:45: error: cannot find symbol
ReflectionExtractor extractor2 = new ReflectionExtractor(
^
symbol: class ReflectionExtractor
location: class CVE_2020_2555
CVE_2020_2555.java:45: error: cannot find symbol
ReflectionExtractor extractor2 = new ReflectionExtractor(
^
symbol: class ReflectionExtractor
location: class CVE_2020_2555
CVE_2020_2555.java:52: error: cannot find symbol
ReflectionExtractor extractor3 = new ReflectionExtractor(
^
symbol: class ReflectionExtractor
location: class CVE_2020_2555
CVE_2020_2555.java:52: error: cannot find symbol
ReflectionExtractor extractor3 = new ReflectionExtractor(
^
symbol: class ReflectionExtractor
location: class CVE_2020_2555
CVE_2020_2555.java:58: error: cannot find symbol
ReflectionExtractor[] extractors = {
^
symbol: class ReflectionExtractor
location: class CVE_2020_2555
CVE_2020_2555.java:64: error: cannot find symbol
ChainedExtractor chainedExtractor = new ChainedExtractor(extractors);
^
symbol: class ChainedExtractor
location: class CVE_2020_2555
CVE_2020_2555.java:64: error: cannot find symbol
ChainedExtractor chainedExtractor = new ChainedExtractor(extractors);
^
symbol: class ChainedExtractor
location: class CVE_2020_2555
CVE_2020_2555.java:65: error: cannot find symbol
LimitFilter limitFilter = new LimitFilter();
^
symbol: class LimitFilter
location: class CVE_2020_2555
CVE_2020_2555.java:65: error: cannot find symbol
LimitFilter limitFilter = new LimitFilter();
^
symbol: class LimitFilter
location: class CVE_2020_2555
CVE_2020_2555.java:87: error: cannot find symbol
byte[] payload = Serializables.serialize(badAttributeValueExpException);
^
symbol: variable Serializables
location: class CVE_2020_2555
17 errors
项目文件缺少tangosol
您好,大佬,方便把tangosol项目文件贴出来吗,谢谢您
Missing license
Hello!
Could you tell me under which license you published your project?
I am a student at the University of Ulm and I am currently writing my master thesis.
For my empirical study I am looking for different vulnerable OS projects to evaluate different sec tools.
I would like to include your project, but unfortunately I can't find a license.
Thank you! :)
Can I add you on Twitter? Please give me ur link )
使用问题
第三个参数是什么
测试没有成功
大牛,能将项目导出分享一下吗,谢谢。
z
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.