CVE-2021-29505 PoC — XStream 代码问题漏洞

Source

https://github.com/vulhub/vulhub/blob/master/xstream/CVE-2021-29505/README.md

Associated Vulnerability

Title:XStream 代码问题漏洞 (CVE-2021-29505)
Description:XStream是XStream（Xstream）团队的一个轻量级的、简单易用的开源Java类库，它主要用于将对象序列化成XML（JSON）或反序列化为对象。 XStream存在代码问题漏洞，该漏洞允许远程攻击者有足够的权限仅通过操纵处理后的输入流来执行主机的命令。

File Snapshot


 # XStream Deserialization Remote Command Execution (CVE-2021-29505)

[中文版本(Chinese version)](README.

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-29505 PoC — XStream 代码问题漏洞

Source

Associated Vulnerability

File Snapshot

Remarks