Giters

abhijithb200 / XStream-Gadgets-JSON

ysoserial gadgets transformed into xstream json equivalent.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

ysoserial gadgets in XStream json format

Description

The repo contains ysoserial gadgets, get transformed into XStream serialization but in json format.

The json equivalent of the ysoserial gadgets can be generated by running the files after compiling it.

The original ysoserial repo : https://github.com/frohoff/ysoserial

The repo conatining xstream gadgets in xml format : https://github.com/chudyPB/XStream-Gadgets

In XStream, json functionality can be implemented using jettison. More information can be seen in https://x-stream.github.io/json-tutorial.html.

Building

Requires Java 1.7+ and Maven 3.x+

mvn clean package -DskipTests

Generating Payload

The /example folder contains generated payloads.

To create URLDNS equivalent json payload:

mvn exec:java -Dexec.mainClass="ysoserial.payloads.URLDNS" -Dexec.args="https://google.com"

To create Collections1 equivalent json payload:

mvn exec:java -Dexec.mainClass="ysoserial.payloads.CommonsCollections1" -Dexec.args="whoami"

To create Spring1 equivalent json payload:

mvn exec:java -Dexec.mainClass="ysoserial.payloads.Spring1" -Dexec.args="whoami"

About

ysoserial gadgets transformed into xstream json equivalent.

License:MIT License

Languages

Language:Java 99.8%Language:Dockerfile 0.2%