├── .idea ├── $CACHE_FILE$ ├── compiler.xml ├── encodings.xml ├── jarRepositories.xml ├── misc.xml ├── uiDesigner.xml └── workspace.xml ├── pom.xml ├── readme.md ├── shiroPoc.iml └── src ├── main └── java │ ├── burp │ ├── BurpExtender.java │ ├── Config.java │ ├── ConfigPanel.java │ ├── CustomScanIssue.java │ ├── GeneratePayload.java │ ├── Menu.java │ └── UrlFilter.java │ ├── org │ ├── apache │ │ └── shiro │ │ │ └── subject │ │ │ └── SimplePrincipalCollection.java │ └── unicodesec │ │ ├── EncryptUtil.java │ │ ├── GeneratePayload.java │ │ ├── Version.java │ │ ├── keys.java │ │ └── poc.java │ └── yso │ └── payloads │ ├── Deserializer.java │ ├── Serializer.java │ ├── Strings.java │ ├── annotation │ ├── ArgsType.java │ ├── Arguments.java │ ├── Authors.java │ ├── Dependencies.java │ └── PayloadTest.java │ ├── exploitType │ ├── EXP.java │ ├── SpringBootEcho1.java │ ├── XrayCmd.java │ └── XraySysProp.java │ ├── gadgets │ ├── CommonsCollections10.java │ ├── CommonsCollections2.java │ ├── CommonsCollections4.java │ ├── CommonsCollections8.java │ ├── Jdk7u21.java │ ├── Jdk8u20.java │ └── ObjectGadget.java │ └── utils │ ├── ClassFiles.java │ ├── Converter.java │ ├── Gadgets.java │ ├── JavaVersion.java │ └── Reflections.java └── test └── java └── org └── unicodesec └── AppTest.java /.idea/$CACHE_FILE$: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/.idea/$CACHE_FILE$ -------------------------------------------------------------------------------- /.idea/compiler.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/.idea/compiler.xml -------------------------------------------------------------------------------- /.idea/encodings.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/.idea/encodings.xml -------------------------------------------------------------------------------- /.idea/jarRepositories.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/.idea/jarRepositories.xml -------------------------------------------------------------------------------- /.idea/misc.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/.idea/misc.xml -------------------------------------------------------------------------------- /.idea/uiDesigner.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/.idea/uiDesigner.xml -------------------------------------------------------------------------------- /.idea/workspace.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/.idea/workspace.xml -------------------------------------------------------------------------------- /pom.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/pom.xml -------------------------------------------------------------------------------- /readme.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/readme.md -------------------------------------------------------------------------------- /shiroPoc.iml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/shiroPoc.iml -------------------------------------------------------------------------------- /src/main/java/burp/BurpExtender.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/burp/BurpExtender.java -------------------------------------------------------------------------------- /src/main/java/burp/Config.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/burp/Config.java -------------------------------------------------------------------------------- /src/main/java/burp/ConfigPanel.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/burp/ConfigPanel.java -------------------------------------------------------------------------------- /src/main/java/burp/CustomScanIssue.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/burp/CustomScanIssue.java -------------------------------------------------------------------------------- /src/main/java/burp/GeneratePayload.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/burp/GeneratePayload.java -------------------------------------------------------------------------------- /src/main/java/burp/Menu.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/burp/Menu.java -------------------------------------------------------------------------------- /src/main/java/burp/UrlFilter.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/burp/UrlFilter.java -------------------------------------------------------------------------------- /src/main/java/org/apache/shiro/subject/SimplePrincipalCollection.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/org/apache/shiro/subject/SimplePrincipalCollection.java -------------------------------------------------------------------------------- /src/main/java/org/unicodesec/EncryptUtil.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/org/unicodesec/EncryptUtil.java -------------------------------------------------------------------------------- /src/main/java/org/unicodesec/GeneratePayload.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/org/unicodesec/GeneratePayload.java -------------------------------------------------------------------------------- /src/main/java/org/unicodesec/Version.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/org/unicodesec/Version.java -------------------------------------------------------------------------------- /src/main/java/org/unicodesec/keys.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/org/unicodesec/keys.java -------------------------------------------------------------------------------- /src/main/java/org/unicodesec/poc.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/org/unicodesec/poc.java -------------------------------------------------------------------------------- /src/main/java/yso/payloads/Deserializer.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/yso/payloads/Deserializer.java -------------------------------------------------------------------------------- /src/main/java/yso/payloads/Serializer.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/yso/payloads/Serializer.java -------------------------------------------------------------------------------- /src/main/java/yso/payloads/Strings.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/yso/payloads/Strings.java -------------------------------------------------------------------------------- /src/main/java/yso/payloads/annotation/ArgsType.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/yso/payloads/annotation/ArgsType.java -------------------------------------------------------------------------------- /src/main/java/yso/payloads/annotation/Arguments.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/yso/payloads/annotation/Arguments.java -------------------------------------------------------------------------------- /src/main/java/yso/payloads/annotation/Authors.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/yso/payloads/annotation/Authors.java -------------------------------------------------------------------------------- /src/main/java/yso/payloads/annotation/Dependencies.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/yso/payloads/annotation/Dependencies.java -------------------------------------------------------------------------------- /src/main/java/yso/payloads/annotation/PayloadTest.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/yso/payloads/annotation/PayloadTest.java -------------------------------------------------------------------------------- /src/main/java/yso/payloads/exploitType/EXP.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/yso/payloads/exploitType/EXP.java -------------------------------------------------------------------------------- /src/main/java/yso/payloads/exploitType/SpringBootEcho1.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/yso/payloads/exploitType/SpringBootEcho1.java -------------------------------------------------------------------------------- /src/main/java/yso/payloads/exploitType/XrayCmd.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/yso/payloads/exploitType/XrayCmd.java -------------------------------------------------------------------------------- /src/main/java/yso/payloads/exploitType/XraySysProp.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/yso/payloads/exploitType/XraySysProp.java -------------------------------------------------------------------------------- /src/main/java/yso/payloads/gadgets/CommonsCollections10.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/yso/payloads/gadgets/CommonsCollections10.java -------------------------------------------------------------------------------- /src/main/java/yso/payloads/gadgets/CommonsCollections2.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/yso/payloads/gadgets/CommonsCollections2.java -------------------------------------------------------------------------------- /src/main/java/yso/payloads/gadgets/CommonsCollections4.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/yso/payloads/gadgets/CommonsCollections4.java -------------------------------------------------------------------------------- /src/main/java/yso/payloads/gadgets/CommonsCollections8.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/yso/payloads/gadgets/CommonsCollections8.java -------------------------------------------------------------------------------- /src/main/java/yso/payloads/gadgets/Jdk7u21.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/yso/payloads/gadgets/Jdk7u21.java -------------------------------------------------------------------------------- /src/main/java/yso/payloads/gadgets/Jdk8u20.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/yso/payloads/gadgets/Jdk8u20.java -------------------------------------------------------------------------------- /src/main/java/yso/payloads/gadgets/ObjectGadget.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/yso/payloads/gadgets/ObjectGadget.java -------------------------------------------------------------------------------- /src/main/java/yso/payloads/utils/ClassFiles.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/yso/payloads/utils/ClassFiles.java -------------------------------------------------------------------------------- /src/main/java/yso/payloads/utils/Converter.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/yso/payloads/utils/Converter.java -------------------------------------------------------------------------------- /src/main/java/yso/payloads/utils/Gadgets.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/yso/payloads/utils/Gadgets.java -------------------------------------------------------------------------------- /src/main/java/yso/payloads/utils/JavaVersion.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/yso/payloads/utils/JavaVersion.java -------------------------------------------------------------------------------- /src/main/java/yso/payloads/utils/Reflections.java: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/potats0/shiroPoc/HEAD/src/main/java/yso/payloads/utils/Reflections.java -------------------------------------------------------------------------------- /src/test/java/org/unicodesec/AppTest.java: -------------------------------------------------------------------------------- 1 | --------------------------------------------------------------------------------