Some Serialization/Deserialization vulnerability demos. The goal of these examples is to demonstrate how deserialization flaws work. Therefore they are intentionally simplified and based on somewhat contrived scenarios. This is not an exploitation tool (pentesters will probably want to look a YSOSerial for that sort of thing).
First vagrant up, then:
Start with http://localhost:15080/php
Start with http://localhost:15081/java