JNDI-Injection-Exploit
JNDI-Injection-Exploit copied to clipboard
welk1n
JNDI注入测试工具(A tool which generates JNDI links can start several servers to exploit JNDI Injection vulnerability,like Jackson,Fastjson,etc)
hi guys i dont find the way to run this server like in the command you provide? thank you
Hello, Nothing seems to execute while referencing the above printout msg from your logj4 exploit. Any reason why open http://google.com is not working?
According to a comment on [this](https://stackoverflow.com/questions/68031764/jndi-referencermi-load-remote-class-failed) stackoverflow question, JNDI automatically substitutes javax.naming.Reference for com.sun.jndi.rmi.registry.ReferenceWrapper. So you have to get the reference from it with getReference(). Should fix #7
Target environment jdk6 jdk向下兼容的原因,可以利用低版本jdk去在高版本的jvm执行,实战中遇到好多jdk6 的环境,作者工具新的很棒,帮助改进一点。 效果如下:  更改代码为下,使用jdk6 编译src/test/java/ExecTemplateJDK6.java 即可 
@welk1n Hi, I am a user of project **_welk1n:JNDI-Injection-Exploit:1.0-SNAPSHOT_**. I found that its pom file introduced **_28_** dependencies. However, among them, **_4_** libraries (**_14%_**) have not been used by your...
javax.naming.NotContextException: rmi://54.x.x.x:1099/ngiawf at RegistryContextFactory.URLToContext
I have tweaked the code to use the new Groovy payload given by orange last month. However in my usecase , i dont have a direct initialContext.lookup available. What i...
Bumps tomcat-catalina from 8.5.38 to 8.5.86. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}