Home

Awesome

Sploits

Place for random PoCs

ojdbc_ssrf

Gadget (SSRF) in Oracle JDBC thin driver for Java native deserialization

Details here

Requires ojdbc7.jar. FakeOracleConnection is a dump empty class that implements OracleConnection interface.

flex.json

JSON deserialization RCE PoC for Flexjson (http://flexjson.sourceforge.net/)

jodd.json

JSON deserialization RCE PoC for Jodd (https://jodd.org/json/)