• Search by APIs
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• Java-Unserialization-Study-master
  • src
    • main
      • java
        • me
          • lightless
            • fastjson
              • Exp.java
            • springtx
              • exp.java
            • JDK7u21
              • exp.java
            • ApacheCommonsCollections
              • exp.java
            • shiro
              • shiro.py
            • server
              • Server.java
        • ExportObject.java
  • JavaUnserializationStudy.iml
  • pom.xml
  • LICENSE
  • README.md
  • .idea
    • compiler.xml
    • encodings.xml
    • misc.xml
    • vcs.xml
  • .gitignore

Java-Unserialization-Study

Just for learn Java's unserialize vulnerability. More code will be pushed later.

Vulnerability analysis articles will be published on my blog :)

Vulnerability

I plan to analyze the following security vulnerabilities.

• [x] Spring-tx unserialize vulnerability.
• [x] Apache Commons Collections unserizlize vulnerability.
• [x] JDK7u21 vulnerability.
• [x] JDK8u20 vulnerability.
• [x] FastJSON unserialize vulnerability.
• [ ] Jackson unserialize vulnerability.
• [x] Apache Shiro unserialize vulnerability.