
SerdeSniffer

Introduction

SerdeSniffer uses taint analysis and a flow-sensitive, bottom-up summary algorithm to detect deserialization gadget chains in components in a practical amount of time.

Setup (Todo)

Docker

The SerdeSniffer Dockerfile provides the latest versions of doop and souffle. After copying the SerdeSniffer project, run tools/summary-run-scripts/run.sh to start the analysis.

🐞Discovered vulnerabilities

Command execution

The combination of Spring-aop and ZAPROXY (Not accepted)

References:


org.clojure:clojure ( 1.9.0 - 1.12.0 )

References:

command execution

DoS

org.clojure:clojure ( 1.2.0 - 1.12.0 )

References:
