Sploits

May 21, 2020

Place for random PoCs

ojdbc_ssrf

Gadget (SSRF) in Oracle JDBC thin driver for Java native deserialization

Details here

Requires ojdbc7.jar. FakeOracleConnection is a dummy empty class that implements the OracleConnection interface.

flex.json

JSON deserialization RCE PoC for Flexjson (http://flexjson.sourceforge.net/)

jodd.json

JSON deserialization RCE PoC for Jodd (https://jodd.org/json/)
