CVE-2023-23638

This repository contains a functional exploit for CVE-2023-23638, targeting Apache Dubbo 3.x. It includes both command execution and service discovery capabilities, with support for GUI and command-line interfaces.

This repository contains a functional exploit PoC for CVE-2023-23638, leveraging Java deserialization via Hessian to bypass Dubbo's serialization checks and achieve RCE through JNDI injection. The exploit manipulates `SerializeClassChecker` to allow deserialization of `JdbcRowSetImpl`, which triggers an LDAP-based payload.

The repository contains a functional PoC for CVE-2023-23638, demonstrating a deserialization attack in Apache Dubbo. The exploit manipulates the SerializeClassChecker to allow deserialization of malicious classes, leading to remote code execution via LDAP.

This repository contains a functional exploit PoC for CVE-2023-23638, leveraging Java deserialization in Apache Dubbo to bypass class restrictions and achieve JNDI injection. The exploit manipulates SerializeClassChecker to allow deserialization of malicious classes like JdbcRowSetImpl.

The repository contains only a README.md file with minimal content, providing no functional exploit code or technical details about CVE-2023-23638.

This repository contains a functional exploit PoC for CVE-2023-23638, leveraging Java deserialization via Apache Dubbo's Hessian protocol to achieve RCE. The exploit manipulates SerializeClassChecker to bypass restrictions and triggers JNDI injection via JdbcRowSetImpl.