JBoss Application Server - Code Injection
Exploitation Summary
CVE-2017-12149 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added December 10, 2021, with confirmed use in ransomware campaigns.
EIP tracks 13 public exploits from researchers including yunxu1, sevck and 1337g; among them is a Metasploit module, auxiliary/scanner/http/jboss_vulnscan.
A Nuclei detection template is also available.
Description
In JBoss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict the classes for which it performs deserialization, allowing an attacker to execute arbitrary code via crafted serialized data.
Exploits (13)
This repository contains a proof-of-concept exploit for CVE-2017-12149, a deserialization vulnerability in JBoss. The exploit generates a malicious payload to verify the vulnerability by writing a file to the target system and returning a specific string if successful.
This repository contains a GUI-based exploit for CVE-2017-12149, a deserialization vulnerability in JBoss AS 6.X. It generates a malicious serialized payload using Apache Commons Collections to achieve remote code execution via a reverse shell.
This exploit targets CVE-2017-12149, a deserialization vulnerability in JBoss AS. It includes payloads for both Linux and Windows systems, leveraging serialized Java objects to achieve remote code execution.
This is a Python-based exploit for CVE-2017-12149, a Java deserialization vulnerability in JBoss. It uses ysoserial to generate a malicious payload and sends it to the target via HTTP/HTTPS to achieve remote code execution.
This repository contains a functional Perl exploit for CVE-2017-12149, targeting a deserialization vulnerability in JBoss Application Server. The exploit leverages crafted serialized data to execute arbitrary commands on the vulnerable server.
This repository provides a containerized JBoss AS 6.1.0 environment to demonstrate Java Deserialization (CVE-2017-12149) via ysoserial payloads. It includes a script to generate a reverse shell payload for exploitation.
This script checks for the presence of CVE-2017-12149 by sending a POST request to a specific endpoint and analyzing the response status code. It does not exploit the vulnerability but confirms its existence.
This is a Python-based exploit for CVE-2017-12149, which targets a deserialization vulnerability in JBoss. The exploit constructs malicious serialized payloads for both Linux and Windows targets to achieve remote code execution (RCE).
This repository contains a proof-of-concept exploit for CVE-2017-12149, a deserialization vulnerability in JBoss. The exploit generates a malicious serialized payload that writes a file to the target system, demonstrating remote code execution.
This Perl script exploits CVE-2017-12149, a deserialization vulnerability in JBoss Application Server's HTTP Invoker. It crafts a malicious serialized payload to achieve remote code execution (RCE) on vulnerable systems.
This repository contains a proof-of-concept exploit for CVE-2017-12149, targeting a deserialization vulnerability in JBoss. The exploit generates a malicious payload to achieve remote code execution by writing a class file to the target system and executing it.
This repository provides a lab setup guide for exploiting CVE-2017-12149, an insecure deserialization vulnerability in JBoss versions prior to 7.0. It includes instructions for setting up a Docker environment with JBoss 6.0.0 Final and Oracle JDK 6.
This Metasploit module scans JBoss instances for multiple vulnerabilities, including CVE-2017-12149, by checking for unauthenticated access to specific endpoints and default credentials. It does not exploit the vulnerabilities but detects their presence.
Nuclei Templates (1)
http.title:"jboss" || cpe:"cpe:2.3:a:redhat:jboss_enterprise_application_platform"
title="jboss"
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H